diff --git a/2001/0xxx/CVE-2001-0419.json b/2001/0xxx/CVE-2001-0419.json index a673f17a2d9..33f11900857 100644 --- a/2001/0xxx/CVE-2001-0419.json +++ b/2001/0xxx/CVE-2001-0419.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010410 Oracle Application Server shared library buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98692227816141&w=2" - }, - { - "name" : "2569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP 
request that is passed to the application server, such as /jsp/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2569" + }, + { + "name": "20010410 Oracle Application Server shared library buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98692227816141&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0484.json b/2008/0xxx/CVE-2008-0484.json index 72337f76ab1..116dfa91b2f 100644 --- a/2008/0xxx/CVE-2008-0484.json +++ b/2008/0xxx/CVE-2008-0484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0491.json b/2008/0xxx/CVE-2008-0491.json index d0184f3867f..a76cd5bf561 100644 --- a/2008/0xxx/CVE-2008-0491.json +++ b/2008/0xxx/CVE-2008-0491.json 
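Review bot: The `reference_data` entries are reordered on the new side of this hunk (BID now precedes BUGTRAQ) with no sort key that I can see, and the file now ends with `\ No newline at end of file`. Neither change is needed for the `"key" :` to `"key":` whitespace normalisation, and both add churn for anyone diffing these records to detect real content updates. If the new order is meant to be canonical, sort on a stated key such as `refsource` then `name`, and keep the final newline. The reordering also appears in the hunks for CVE-2008-0491, CVE-2008-0671, CVE-2008-1157, CVE-2008-1273, CVE-2008-1293, CVE-2008-1331 and CVE-2008-1836; the missing final newline affects every file in this diff.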
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4993", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4993" - }, - { - "name" : "27464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27464" - }, - { - "name" : "ADV-2008-0349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0349" - }, - { - "name" : "fgallery-fimrss-sql-injection(39964)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to 
execute arbitrary SQL commands via the album parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fgallery-fimrss-sql-injection(39964)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39964" + }, + { + "name": "27464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27464" + }, + { + "name": "4993", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4993" + }, + { + "name": "ADV-2008-0349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0349" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0671.json b/2008/0xxx/CVE-2008-0671.json index acef4d48fbf..5ae3734f392 100644 --- a/2008/0xxx/CVE-2008-0671.json +++ b/2008/0xxx/CVE-2008-0671.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080206 Chat vulnerabilities in TinTin++ 1.97.9", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487687/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/rintintin-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/rintintin-adv.txt" - }, - { - "name" : "GLSA-201111-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201111-07.xml" - }, - { - "name" : "27660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27660" - }, - { - "name" : "ADV-2008-0449", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0449" - }, - { - "name" : "28833", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/28833" - }, - { - "name" : "3632", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201111-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201111-07.xml" + }, + { + "name": "3632", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3632" + }, + { + "name": "28833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28833" + }, + { + "name": "27660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27660" + }, + { + "name": "20080206 Chat vulnerabilities in TinTin++ 1.97.9", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487687/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/rintintin-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/rintintin-adv.txt" + }, + { + "name": "ADV-2008-0449", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0449" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1157.json b/2008/1xxx/CVE-2008-1157.json index 7969d7fc4e4..235b70f3234 100644 --- a/2008/1xxx/CVE-2008-1157.json +++ b/2008/1xxx/CVE-2008-1157.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-1157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080313 CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml" - }, - { - "name" : "28249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28249" - }, - { - "name" : "ADV-2008-0876", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0876/references" - }, - { - "name" : "1019611", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019611" - }, - { - "name" : "29376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29376" - }, - { - "name" : 
"cisco-ciscoworks-ipm-command-execution(41208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080313 CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml" + }, + { + "name": "ADV-2008-0876", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0876/references" + }, + { + "name": "cisco-ciscoworks-ipm-command-execution(41208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41208" + }, + { + "name": "1019611", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019611" + }, + { + "name": "28249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28249" + }, + { + "name": "29376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29376" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1273.json b/2008/1xxx/CVE-2008-1273.json index e197048aef1..57282bf91ad 100644 --- a/2008/1xxx/CVE-2008-1273.json +++ b/2008/1xxx/CVE-2008-1273.json 
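Review bot: `ASSIGNER` changes from `cve@mitre.org` to `psirt@cisco.com` at the top of this hunk, which alters the record's provenance rather than its formatting. It is easy to miss because every other line in the rewrite differs only by whitespace or position. The hunk for CVE-2008-1836 makes the same kind of change, to `secalert@redhat.com`. Downstream tooling may use this field to attribute a record to its assigning organisation, so these two edits would be easier to review and audit in their own commit, or at least named in the commit message. The commit message is not visible here, so it may already cover this.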
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28138.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28138.html" - }, - { - "name" : "28138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28138" - }, - { - "name" : "imagevue-path-xss(41169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imagevue-path-xss(41169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41169" + }, + { + "name": "28138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28138" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28138.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28138.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1293.json b/2008/1xxx/CVE-2008-1293.json index 2521254303e..9609f6a52ef 100644 --- a/2008/1xxx/CVE-2008-1293.json +++ b/2008/1xxx/CVE-2008-1293.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080311 CVE request: insecure X11 handling in ltsp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/03/11/2" - }, - { - "name" : "[oss-security] 20080312 Re: CVE request: insecure X11 handling in ltsp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/03/12/3" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469462", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469462" - }, - { - "name" : "DSA-1561", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1561" - }, - { - "name" : "USN-610-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/610-1/" - }, - { - "name" : "28960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28960" - }, - { - "name" : "1019940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019940" - }, - { - "name" : "29959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29959" - }, - { - "name" : "30099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30099" - }, - { - "name" : "ltsp-ldm-weak-security(42080)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20080312 Re: CVE request: insecure X11 handling in ltsp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/03/12/3" + }, + { + "name": "1019940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019940" + }, + { + "name": "[oss-security] 20080311 CVE request: insecure X11 handling in ltsp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/03/11/2" + }, + { + "name": "USN-610-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/610-1/" + }, + { + "name": "28960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28960" + }, + { + "name": "30099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30099" + }, + { + "name": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469462", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469462" + }, + { + "name": "DSA-1561", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1561" + }, + { + "name": "29959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29959" + }, + { + "name": "ltsp-ldm-weak-security(42080)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42080" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1331.json b/2008/1xxx/CVE-2008-1331.json index 50942575d58..f34ce4e78ba 100644 --- a/2008/1xxx/CVE-2008-1331.json +++ b/2008/1xxx/CVE-2008-1331.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and \"obtain OXO resources\" via shell metacharacters in the id2 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080521 [DSECRG-08-020] Alcatel OmniPCX Office Remote Comand Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492383/100/0/threaded" - }, - { - "name" : "5662", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5662" - }, - { - "name" : "http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm", - "refsource" : "CONFIRM", - "url" : "http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm" - }, - { - "name" : "28758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28758" - }, - { - "name" : "ADV-2008-1057", - "refsource" : "VUPEN", - 
"url" : "http://www.vupen.com/english/advisories/2008/1057" - }, - { - "name" : "1020082", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020082" - }, - { - "name" : "29798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29798" - }, - { - "name" : "omnipcx-cgiscript-info-disclosure(41560)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and \"obtain OXO resources\" via shell metacharacters in the id2 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5662", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5662" + }, + { + "name": "http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm", + "refsource": "CONFIRM", + "url": "http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm" + }, + { + "name": "29798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29798" + }, + { + "name": "ADV-2008-1057", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1057" + }, + { + "name": "omnipcx-cgiscript-info-disclosure(41560)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41560" + }, + { + "name": "28758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28758" + }, + { + "name": "20080521 [DSECRG-08-020] Alcatel OmniPCX Office Remote Comand Execution", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/492383/100/0/threaded" + }, + { + "name": "1020082", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020082" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1836.json b/2008/1xxx/CVE-2008-1836.json index 9e5777e4c8d..a563d76a513 100644 --- a/2008/1xxx/CVE-2008-1836.json +++ b/2008/1xxx/CVE-2008-1836.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881", - "refsource" : "CONFIRM", - "url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881" - }, - { - "name" : "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html", - "refsource" : "CONFIRM", - "url" : "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html" - }, - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "FEDORA-2008-3900", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html" - }, - { - "name" : 
"GLSA-200805-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-19.xml" - }, - { - "name" : "MDVSA-2008:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088" - }, - { - "name" : "SUSE-SA:2008:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "28784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28784" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "29891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29891" - }, - { - "name" : "30253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30253" - }, - { - "name" : "30328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30328" - }, - { - "name" : "31576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31576" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, - { - "name" : "clamav-rfc2231-dos(41868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2008:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088" + }, + { + "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881", + "refsource": "CONFIRM", + "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881" + }, + { + "name": "FEDORA-2008-3900", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html" + }, + { + "name": "GLSA-200805-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-19.xml" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html", + "refsource": "CONFIRM", + "url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html" + }, + { + "name": "29891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29891" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "28784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28784" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "30328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30328" + }, + { + "name": "clamav-rfc2231-dos(41868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41868" + }, + { + "name": "30253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30253" + }, + { + 
"name": "31576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31576" + }, + { + "name": "SUSE-SA:2008:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5169.json b/2008/5xxx/CVE-2008-5169.json index bebe7a70fe7..7c84934ddb7 100644 --- a/2008/5xxx/CVE-2008-5169.json +++ b/2008/5xxx/CVE-2008-5169.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5949", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5949" - }, - { - "name" : "29969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29969" - }, - { - "name" : "30859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30859" - }, - { - "name" : "4617", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4617" - }, - { - "name" : "drinkswebsite-drink-sql-injection(43397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5949", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5949" + }, + { + "name": "29969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29969" + }, + { + "name": "30859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30859" + }, + { + "name": "4617", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4617" + }, + { + "name": "drinkswebsite-drink-sql-injection(43397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43397" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5236.json b/2008/5xxx/CVE-2008-5236.json index 7ca9da171a6..430bb790a18 100644 --- a/2008/5xxx/CVE-2008-5236.json +++ b/2008/5xxx/CVE-2008-5236.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495674/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=619869", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=619869" - }, - { - "name" : "http://www.ocert.org/analysis/2008-008/analysis.txt", - "refsource" : "MISC", - "url" : "http://www.ocert.org/analysis/2008-008/analysis.txt" - }, - { - "name" : "FEDORA-2009-0542", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" - }, - { - "name" : "FEDORA-2008-7512", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" - }, - { - "name" : "FEDORA-2008-7572", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" - }, - { - "name" : "MDVSA-2009:020", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "30797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30797" - }, - { - "name" : "47744", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/47744" - }, - { - "name" : "31827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31827" - }, - { - "name" : "ADV-2008-2382", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2382" - }, - { - "name" : "ADV-2008-2427", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2427" - }, - { - "name" : "31502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31502" - }, - { - "name" : "31567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31567" - }, - { - "name" : "33544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33544" - }, - { - "name" : "4648", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4648" - }, - { - "name" : "xinelib-openrafile-bo(44642)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642" - }, - { - "name" : "xinelib-parseblockgroup-bo(44634)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31567" + }, + { + "name": "30797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30797" + }, + { + "name": "xinelib-openrafile-bo(44642)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44642" + }, + { + "name": "33544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33544" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=619869", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" + }, + { + "name": "http://www.ocert.org/analysis/2008-008/analysis.txt", + "refsource": "MISC", + "url": "http://www.ocert.org/analysis/2008-008/analysis.txt" + }, + { + "name": "xinelib-parseblockgroup-bo(44634)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44634" + }, + { + "name": "4648", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4648" + }, + { + "name": "ADV-2008-2427", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2427" + }, + { + "name": "31827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31827" + }, + { + "name": "47744", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47744" + }, + { + "name": "FEDORA-2008-7572", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "31502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31502" + }, + { + "name": "ADV-2008-2382", + "refsource": "VUPEN", + 
"url": "http://www.vupen.com/english/advisories/2008/2382" + }, + { + "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded" + }, + { + "name": "MDVSA-2009:020", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" + }, + { + "name": "FEDORA-2009-0542", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" + }, + { + "name": "FEDORA-2008-7512", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5437.json b/2008/5xxx/CVE-2008-5437.json index 3707721b539..230606a0d1f 100644 --- a/2008/5xxx/CVE-2008-5437.json +++ b/2008/5xxx/CVE-2008-5437.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-5437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "51352", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51352" - }, - { - "name" : "1021561", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021561" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "51352", + "refsource": "OSVDB", + "url": "http://osvdb.org/51352" + }, + { + "name": "1021561", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021561" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5445.json b/2008/5xxx/CVE-2008-5445.json index 965a6617dad..23fdc3c5b24 100644 --- a/2008/5xxx/CVE-2008-5445.json +++ b/2008/5xxx/CVE-2008-5445.json 
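Review bot: The only semantic change in this hunk is `"ASSIGNER": "secalert_us@oracle.com"` replacing `cve@mitre.org` in `CVE_data_meta`, and it is buried under a full-file re-indentation and a reshuffle of `reference_data`, so a reviewer or a diff-based feed consumer can easily miss that the record's owning CNA changed. The same pattern recurs in the hunks for CVE-2008-5445 and CVE-2013-0444 (`secalert_us@oracle.com`), CVE-2013-0625 (`psirt@adobe.com`) and CVE-2013-3141 (`secure@microsoft.com`). I would land the assigner updates separately from the formatting pass and emit `reference_data` in a stable order, so that future diffs of these records show only real changes. In all five records `vendor_name` and `product_name` remain `"n/a"`, so the structured `affects` data still does not name the vendor that the new assigner implies. The new side of each file also ends without a trailing newline (`\ No newline at end of file`).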
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-5445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090115 Oracle Secure Backup's observiced.exe Denial Of Service vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500113/100/0/threaded" - }, - { - "name" : "http://www.fortiguardcenter.com/advisory/FGA-2009-02.html", - "refsource" : "MISC", - "url" : "http://www.fortiguardcenter.com/advisory/FGA-2009-02.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fortiguardcenter.com/advisory/FGA-2009-02.html", + "refsource": "MISC", + "url": "http://www.fortiguardcenter.com/advisory/FGA-2009-02.html" + }, + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + }, + { + "name": "20090115 Oracle Secure Backup's observiced.exe Denial Of Service vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500113/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5464.json b/2008/5xxx/CVE-2008-5464.json index db20ec1cda7..f33f24b7aee 100644 --- a/2008/5xxx/CVE-2008-5464.json +++ b/2008/5xxx/CVE-2008-5464.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5464", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5464", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0444.json b/2013/0xxx/CVE-2013-0444.json index c51078e8b6b..6ffd2ccadf2 100644 --- a/2013/0xxx/CVE-2013-0444.json +++ b/2013/0xxx/CVE-2013-0444.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient checks for cached results\" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - 
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "RHSA-2013:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" - }, - { - "name" : "openSUSE-SU-2013:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "oval:org.mitre.oval:def:16614", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16614" - }, - { - "name" : "oval:org.mitre.oval:def:19349", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient checks for cached results\" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16614", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16614" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "RHSA-2013:0247", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "openSUSE-SU-2013:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" + }, + { + 
"name": "oval:org.mitre.oval:def:19349", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19349" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0625.json b/2013/0xxx/CVE-2013-0625.json index 2608f944260..5edc50a6779 100644 --- a/2013/0xxx/CVE-2013-0625.json +++ b/2013/0xxx/CVE-2013-0625.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/advisories/apsa13-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa13-01.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-03.html" - }, - { - "name" : "57164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not 
configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57164" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa13-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa13-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3141.json b/2013/3xxx/CVE-2013-3141.json index 5ece23168dc..ccfc54cb1a6 100644 --- a/2013/3xxx/CVE-2013-3141.json +++ b/2013/3xxx/CVE-2013-3141.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3110." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047" - }, - { - "name" : "TA13-168A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A" - }, - { - "name" : "oval:org.mitre.oval:def:15981", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and 9 allows remote attackers 
to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3110." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-168A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A" + }, + { + "name": "MS13-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047" + }, + { + "name": "oval:org.mitre.oval:def:15981", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15981" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3391.json b/2013/3xxx/CVE-2013-3391.json index 9734a350f11..df195012f20 100644 --- a/2013/3xxx/CVE-2013-3391.json +++ b/2013/3xxx/CVE-2013-3391.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3391", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3391", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3727.json b/2013/3xxx/CVE-2013-3727.json index 3e0a73ab05c..cdf95aea9da 100644 --- a/2013/3xxx/CVE-2013-3727.json +++ b/2013/3xxx/CVE-2013-3727.json 
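Review bot: The new side of this file ends without a trailing newline: `\ No newline at end of file` follows the closing `+}`, while the removed `-}` carries no such marker. The same marker follows the other hunks that end in this part of the diff. Having the writer emit a final line feed after the closing brace keeps these records friendly to line-oriented tools. It also avoids a spurious one-line change the next time a tool restores the newline.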
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130703 Multiple Vulnerabilities in Kasseler CMS", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Jul/26" - }, - { - "name" : "http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23158", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23158" - }, - { - "name" : "http://diff.kasseler-cms.net/svn.html", - "refsource" : "CONFIRM", - "url" : 
"http://diff.kasseler-cms.net/svn.html" - }, - { - "name" : "http://diff.kasseler-cms.net/svn/patches/1232.html", - "refsource" : "CONFIRM", - "url" : "http://diff.kasseler-cms.net/svn/patches/1232.html" - }, - { - "name" : "94779", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/94779" - }, - { - "name" : "kasselercms-cve20133727-admin-sql-injection(85407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "94779", + "refsource": "OSVDB", + "url": "http://osvdb.org/94779" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23158", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23158" + }, + { + "name": "20130703 Multiple Vulnerabilities in Kasseler CMS", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Jul/26" + }, + { + "name": "http://diff.kasseler-cms.net/svn.html", + "refsource": "CONFIRM", + "url": "http://diff.kasseler-cms.net/svn.html" + }, + { + "name": "kasselercms-cve20133727-admin-sql-injection(85407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85407" + }, + { + "name": "http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html", + "refsource": "MISC", + "url": 
"http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html" + }, + { + "name": "http://diff.kasseler-cms.net/svn/patches/1232.html", + "refsource": "CONFIRM", + "url": "http://diff.kasseler-cms.net/svn/patches/1232.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3741.json b/2013/3xxx/CVE-2013-3741.json index 1fcf1078d30..60e0d1a1469 100644 --- a/2013/3xxx/CVE-2013-3741.json +++ b/2013/3xxx/CVE-2013-3741.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3741", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3741", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4557.json b/2013/4xxx/CVE-2013-4557.json index a88a39fcfef..2167a7ff851 100644 --- a/2013/4xxx/CVE-2013-4557.json +++ b/2013/4xxx/CVE-2013-4557.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/10/4" - }, - { - "name" : "http://www.spip.net/fr_article5646.html", - "refsource" : "CONFIRM", - "url" : "http://www.spip.net/fr_article5646.html" - }, - { - "name" : "http://www.spip.net/fr_article5648.html", - "refsource" : "CONFIRM", - "url" : "http://www.spip.net/fr_article5648.html" - }, - { - "name" : "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php", - "refsource" : "CONFIRM", - "url" : "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php" - }, - { - "name" : "DSA-2794", - 
"refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2013/dsa-2794" - }, - { - "name" : "1029317", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029317" - }, - { - "name" : "55551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2794", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2013/dsa-2794" + }, + { + "name": "http://www.spip.net/fr_article5646.html", + "refsource": "CONFIRM", + "url": "http://www.spip.net/fr_article5646.html" + }, + { + "name": "1029317", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029317" + }, + { + "name": "[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/10/4" + }, + { + "name": "55551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55551" + }, + { + "name": "http://www.spip.net/fr_article5648.html", + "refsource": "CONFIRM", + "url": "http://www.spip.net/fr_article5648.html" + }, + { + "name": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php", + "refsource": "CONFIRM", + "url": "http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/4xxx/CVE-2013-4822.json b/2013/4xxx/CVE-2013-4822.json index e3134c008cc..5ba68c79496 100644 --- a/2013/4xxx/CVE-2013-4822.json +++ b/2013/4xxx/CVE-2013-4822.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02929", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943425" - }, - { - "name" : "SSRT101025", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka 
ZDI-CAN-1606." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBGN02929", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943425" + }, + { + "name": "SSRT101025", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943425" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6382.json b/2013/6xxx/CVE-2013-6382.json index ff91f8a8071..392b23125e8 100644 --- a/2013/6xxx/CVE-2013-6382.json +++ b/2013/6xxx/CVE-2013-6382.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131122 Linux kernel CVE fixes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/22/5" - }, - { - "name" : "[xfs] 20131031 [patch] xfs: underflow bug in xfs_attrlist_by_handle()", - "refsource" : "MLIST", - "url" : "http://www.spinics.net/lists/xfs/msg23343.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033603", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033603" - }, - { - "name" : "USN-2113-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2113-1" - }, - { - "name" : "USN-2117-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2117-1" - }, - { - "name" : "USN-2109-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2109-1" - }, - { - "name" : "USN-2110-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2110-1" - }, - { - "name" : "USN-2128-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2128-1" - }, - { - "name" : "USN-2129-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2129-1" - }, - { - "name" : "USN-2135-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2135-1" - }, - { - "name" : "USN-2138-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2138-1" - }, - { - "name" : "USN-2139-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2139-1" - }, - { - "name" : "USN-2141-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2141-1" - }, - { - "name" : "USN-2158-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2158-1" - }, - { - "name" : "63889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2135-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2135-1" + }, + { + "name": "USN-2138-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2138-1" + }, + { + "name": "USN-2113-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2113-1" + }, + { + "name": "USN-2141-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2141-1" + }, + { + "name": "[oss-security] 20131122 Linux kernel CVE fixes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/22/5" + }, + { + "name": "USN-2110-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2110-1" + }, + { + "name": "USN-2129-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2129-1" + }, + { + "name": "USN-2128-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2128-1" + }, + { + "name": "USN-2139-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2139-1" + }, + { + "name": "USN-2158-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2158-1" + }, + { + "name": "USN-2117-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2117-1" + }, + { + "name": "63889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63889" + }, + { + "name": "USN-2109-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2109-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033603", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033603" + }, + { + "name": "[xfs] 20131031 [patch] xfs: underflow bug in xfs_attrlist_by_handle()", + "refsource": "MLIST", + "url": "http://www.spinics.net/lists/xfs/msg23343.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/6xxx/CVE-2013-6643.json b/2013/6xxx/CVE-2013-6643.json index ca20d15c964..e2706744f53 100644 --- a/2013/6xxx/CVE-2013-6643.json +++ b/2013/6xxx/CVE-2013-6643.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=321940", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=321940" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?revision=237115&view=revision", - "refsource" : "CONFIRM", - "url" : 
"https://src.chromium.org/viewvc/chrome?revision=237115&view=revision" - }, - { - "name" : "DSA-2862", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2862" - }, - { - "name" : "openSUSE-SU-2014:0243", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://src.chromium.org/viewvc/chrome?revision=237115&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?revision=237115&view=revision" + }, + { + "name": "openSUSE-SU-2014:0243", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00008.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=321940", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=321940" + }, + { + "name": "DSA-2862", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2862" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/6xxx/CVE-2013-6740.json b/2013/6xxx/CVE-2013-6740.json index 294fad56729..157bf264240 100644 --- a/2013/6xxx/CVE-2013-6740.json +++ b/2013/6xxx/CVE-2013-6740.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6740", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6740", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7159.json b/2013/7xxx/CVE-2013-7159.json index 590d518ffec..ed7d8ad1551 100644 --- a/2013/7xxx/CVE-2013-7159.json +++ b/2013/7xxx/CVE-2013-7159.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7159", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7159", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7463.json b/2013/7xxx/CVE-2013-7463.json index c581fea19f2..94cee63ee9d 100644 --- a/2013/7xxx/CVE-2013-7463.json +++ b/2013/7xxx/CVE-2013-7463.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Gurpartap/aescrypt/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/Gurpartap/aescrypt/issues/4" - }, - { - "name" : "98035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Gurpartap/aescrypt/issues/4", + "refsource": "MISC", + "url": "https://github.com/Gurpartap/aescrypt/issues/4" + }, + { + "name": "98035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98035" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10164.json b/2017/10xxx/CVE-2017-10164.json index 96189c4bfc9..6a3b37e1338 100644 --- a/2017/10xxx/CVE-2017-10164.json +++ b/2017/10xxx/CVE-2017-10164.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise FIN Staffing Front Office", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise FIN Staffing Front Office", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101479" - }, - { - "name" : "1039598", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FSCM accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039598", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039598" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101479" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10554.json b/2017/10xxx/CVE-2017-10554.json index f40a072fcf3..34f73169280 100644 --- a/2017/10xxx/CVE-2017-10554.json +++ b/2017/10xxx/CVE-2017-10554.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10554", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10554", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
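Review bot: The `reference_data` array in CVE-2017-10164 is reordered (CONFIRM, BID, SECTRACK becomes SECTRACK, CONFIRM, BID) with no visible sort key. The CVE-2017-12296, CVE-2017-12303, CVE-2017-12996, CVE-2017-13225 and CVE-2017-13693 hunks reshuffle their references in other ways. JSON arrays are ordered, so a consumer that takes the first reference as the primary advisory, or hashes the record to detect changes, sees a difference although no reference was added or removed. I would either keep the existing order or sort deterministically, for example by `refsource` then `name`, and say so in the commit message.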
diff --git a/2017/10xxx/CVE-2017-10560.json b/2017/10xxx/CVE-2017-10560.json index c5cfc0a4e28..5be80b13bac 100644 --- a/2017/10xxx/CVE-2017-10560.json +++ b/2017/10xxx/CVE-2017-10560.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10560", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10560", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12002.json b/2017/12xxx/CVE-2017-12002.json index 1067a36150a..a41f9901738 100644 --- a/2017/12xxx/CVE-2017-12002.json +++ b/2017/12xxx/CVE-2017-12002.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12002", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12002", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12296.json b/2017/12xxx/CVE-2017-12296.json index f6ab8f4533d..7147f5b8d31 100644 --- a/2017/12xxx/CVE-2017-12296.json +++ b/2017/12xxx/CVE-2017-12296.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx Meetings Server", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx Meetings Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf51241, CSCvf51261." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx Meetings Server", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx Meetings Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1" - }, - { - "name" : "101489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101489" - }, - { - "name" : "1039617", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf51241, CSCvf51261." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1" + }, + { + "name": "1039617", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039617" + }, + { + "name": "101489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101489" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12303.json b/2017/12xxx/CVE-2017-12303.json index eeba6fc8e72..1f225a441f5 100644 --- a/2017/12xxx/CVE-2017-12303.json +++ b/2017/12xxx/CVE-2017-12303.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Web Security Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Web Security Appliance" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-358" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Web Security Appliance", + "version": { + "version_data": [ + { + "version_value": "Cisco Web Security Appliance" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa" - }, - { - "name" : "101932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101932" - }, - { - "name" : "1039828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-358" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039828" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa" + }, + { + "name": "101932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101932" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12996.json b/2017/12xxx/CVE-2017-12996.json index 59d74cd1005..edc5ac8c1f5 100644 --- a/2017/12xxx/CVE-2017-12996.json +++ b/2017/12xxx/CVE-2017-12996.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/6fca58f5f9c96749a575f52e20598ad43f5bdf30", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/6fca58f5f9c96749a575f52e20598ad43f5bdf30" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/6fca58f5f9c96749a575f52e20598ad43f5bdf30", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/6fca58f5f9c96749a575f52e20598ad43f5bdf30" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13225.json b/2017/13xxx/CVE-2017-13225.json index 583e77063d4..4328f32b85d 100644 --- a/2017/13xxx/CVE-2017-13225.json +++ b/2017/13xxx/CVE-2017-13225.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-13225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-13225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "102420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102420" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + }, + { + "name": "102420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102420" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13597.json b/2017/13xxx/CVE-2017-13597.json index 9ab7dd8008f..7d2cc881ed7 100644 --- a/2017/13xxx/CVE-2017-13597.json +++ b/2017/13xxx/CVE-2017-13597.json 
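Review bot: `"ASSIGNER": "security@android.com"` replaces `security@google.com` in the CVE-2017-13225 record, the only value change among the records visible here; every other hunk alters spacing or ordering only. Downstream tooling that groups or filters records by assigner address will treat this as a different CNA. If the change is intentional, it deserves its own commit or an explicit line in the commit message; if it is a side effect of the re-serialization, the old value should be restored. This hunk also reorders the BID and SECTRACK references.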
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13597", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13597", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13632.json b/2017/13xxx/CVE-2017-13632.json index c355bb28dca..22489f677fc 100644 --- a/2017/13xxx/CVE-2017-13632.json +++ b/2017/13xxx/CVE-2017-13632.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13632", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13682.json b/2017/13xxx/CVE-2017-13682.json index f534e75c990..e6844fe47ee 100644 --- a/2017/13xxx/CVE-2017-13682.json +++ b/2017/13xxx/CVE-2017-13682.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "ID" : "CVE-2017-13682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Symantec Encryption Desktop", - "version" : { - "version_data" : [ - { - "version_value" : "prior to SED 10.4.1 MP2HF1" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Kernel Memory Leak" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2017-13682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Symantec Encryption Desktop", + "version": { + "version_data": [ + { + "version_value": "prior to SED 10.4.1 MP2HF1" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171009_00", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171009_00" - }, - { - "name" : "101497", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/101497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Kernel Memory Leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171009_00", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171009_00" + }, + { + "name": "101497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101497" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13693.json b/2017/13xxx/CVE-2017-13693.json index 0f05a6f6f96..bf64769f89e 100644 --- a/2017/13xxx/CVE-2017-13693.json +++ b/2017/13xxx/CVE-2017-13693.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732", - "refsource" : "MISC", - "url" : "https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732" - }, - { - "name" : "https://patchwork.kernel.org/patch/9919053/", - "refsource" : "MISC", - "url" : "https://patchwork.kernel.org/patch/9919053/" - }, - { - "name" : "100502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchwork.kernel.org/patch/9919053/", + "refsource": "MISC", + "url": "https://patchwork.kernel.org/patch/9919053/" + }, + { + "name": "https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732", + "refsource": "MISC", + "url": "https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732" + }, + { + "name": "100502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100502" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17008.json b/2017/17xxx/CVE-2017-17008.json index 5df025fa070..32aef2134c4 100644 --- a/2017/17xxx/CVE-2017-17008.json +++ b/2017/17xxx/CVE-2017-17008.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17008",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-17008",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17009.json b/2017/17xxx/CVE-2017-17009.json
index 23265010783..4ec7df79c55 100644
--- a/2017/17xxx/CVE-2017-17009.json
+++ b/2017/17xxx/CVE-2017-17009.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17009",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-17009",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17214.json b/2017/17xxx/CVE-2017-17214.json
index e8133c1d59e..78810329cb0 100644
--- a/2017/17xxx/CVE-2017-17214.json
+++ b/2017/17xxx/CVE-2017-17214.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17214",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-17214",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17314.json b/2017/17xxx/CVE-2017-17314.json
index ad751d19808..ffcd25663b4 100644
--- a/2017/17xxx/CVE-2017-17314.json
+++ b/2017/17xxx/CVE-2017-17314.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300, RP200, TE30, TE40, TE50, TE60", - "version" : { - "version_data" : [ - { - "version_value" : "DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some service abnormal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "invalid memory access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300, RP200, TE30, TE40, TE50, TE60", + "version": { + "version_data": [ + { + "version_value": "DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-02-buffer-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-02-buffer-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some service abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "invalid memory access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-02-buffer-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-02-buffer-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17348.json b/2017/17xxx/CVE-2017-17348.json index 543ce8d2450..c1a7d46fe75 100644 --- a/2017/17xxx/CVE-2017-17348.json +++ b/2017/17xxx/CVE-2017-17348.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-17348",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-17348",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/17xxx/CVE-2017-17847.json b/2017/17xxx/CVE-2017-17847.json
index ceda695017d..368f59e0e3a 100644
--- a/2017/17xxx/CVE-2017-17847.json
+++ b/2017/17xxx/CVE-2017-17847.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171223 [SECURITY] [DLA 1219-1] enigmail security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html" - }, - { - "name" : "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf", - "refsource" : "MISC", - "url" : "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf" - }, - { - "name" : "https://lists.debian.org/debian-security-announce/2017/msg00333.html", - "refsource" : "MISC", - "url" : 
"https://lists.debian.org/debian-security-announce/2017/msg00333.html" - }, - { - "name" : "https://sourceforge.net/p/enigmail/bugs/709/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/enigmail/bugs/709/" - }, - { - "name" : "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html", - "refsource" : "MISC", - "url" : "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html" - }, - { - "name" : "DSA-4070", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf", + "refsource": "MISC", + "url": "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf" + }, + { + "name": "https://sourceforge.net/p/enigmail/bugs/709/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/enigmail/bugs/709/" + }, + { + "name": "https://lists.debian.org/debian-security-announce/2017/msg00333.html", + "refsource": "MISC", + "url": "https://lists.debian.org/debian-security-announce/2017/msg00333.html" + }, + { + "name": "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html", + "refsource": "MISC", + "url": "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html" + }, + { + "name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1219-1] enigmail security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html" + }, + { + "name": "DSA-4070", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4070" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0699.json b/2018/0xxx/CVE-2018-0699.json index 49899904e29..c3fe9e9e9d0 100755 --- a/2018/0xxx/CVE-2018-0699.json +++ b/2018/0xxx/CVE-2018-0699.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "YukiWiki", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Hiroshi Yuki" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "YukiWiki", + "version": { + "version_data": [ + { + "version_value": "2.1.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Hiroshi Yuki" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hyuki.com/yukiwiki/", - "refsource" : "MISC", - "url" : "http://www.hyuki.com/yukiwiki/" - }, - { - "name" : "JVN#36343375", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN36343375/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#36343375", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN36343375/index.html" + }, + { + "name": "http://www.hyuki.com/yukiwiki/", + "refsource": "MISC", + "url": "http://www.hyuki.com/yukiwiki/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18516.json b/2018/18xxx/CVE-2018-18516.json index 4de3764e686..d740f61dcf0 100644 --- a/2018/18xxx/CVE-2018-18516.json +++ b/2018/18xxx/CVE-2018-18516.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18516", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18516", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18877.json b/2018/18xxx/CVE-2018-18877.json index bdcee4b658e..88c0b0df88e 100644 --- a/2018/18xxx/CVE-2018-18877.json +++ b/2018/18xxx/CVE-2018-18877.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18877",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18877",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19113.json b/2018/19xxx/CVE-2018-19113.json
index f7976079fb8..bc9b3ec3c75 100644
--- a/2018/19xxx/CVE-2018-19113.json
+++ b/2018/19xxx/CVE-2018-19113.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-19113",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-19113",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/19xxx/CVE-2018-19434.json b/2018/19xxx/CVE-2018-19434.json
index 9630c9df74f..38c3a07a777 100644
--- a/2018/19xxx/CVE-2018-19434.json
+++ b/2018/19xxx/CVE-2018-19434.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on the \"Bank Account Matching - Receipts\" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/eddietcc/CVEnotes/tree/master/webERP_4.15_BankMatching", - "refsource" : "MISC", - "url" : "https://github.com/eddietcc/CVEnotes/tree/master/webERP_4.15_BankMatching" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on the \"Bank Account Matching - Receipts\" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/eddietcc/CVEnotes/tree/master/webERP_4.15_BankMatching", + "refsource": "MISC", + "url": "https://github.com/eddietcc/CVEnotes/tree/master/webERP_4.15_BankMatching" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19751.json b/2018/19xxx/CVE-2018-19751.json index 4f3910039bc..0b068c8cac0 100644 --- a/2018/19xxx/CVE-2018-19751.json +++ b/2018/19xxx/CVE-2018-19751.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45947", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45947/" - }, - { - "name" : "https://github.com/domainmod/domainmod/issues/83", - "refsource" : "MISC", - "url" : "https://github.com/domainmod/domainmod/issues/83" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45947", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45947/" + }, + { + "name": "https://github.com/domainmod/domainmod/issues/83", + "refsource": "MISC", + "url": "https://github.com/domainmod/domainmod/issues/83" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19919.json b/2018/19xxx/CVE-2018-19919.json index 57d9ff291bb..f630208c46d 100644 --- a/2018/19xxx/CVE-2018-19919.json +++ b/2018/19xxx/CVE-2018-19919.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pixelimity/pixelimity/issues/19", - "refsource" : "MISC", - "url" : "https://github.com/pixelimity/pixelimity/issues/19" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pixelimity/pixelimity/issues/19", + "refsource": "MISC", + "url": "https://github.com/pixelimity/pixelimity/issues/19" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1049.json b/2018/1xxx/CVE-2018-1049.json index 83afbb290bb..d0341562f95 100644 --- a/2018/1xxx/CVE-2018-1049.json +++ b/2018/1xxx/CVE-2018-1049.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-02-16T00:00:00", - "ID" : "CVE-2018-1049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "systemd", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 234" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-362" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-02-16T00:00:00", + "ID": "CVE-2018-1049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "systemd", + "version": { + "version_data": [ + { + "version_value": "prior to 234" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1534701", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1534701" - }, - { - "name" : "RHSA-2018:0260", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0260" - }, - { - "name" : "USN-3558-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3558-1/" - }, - { - "name" : "1041520", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-362" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041520", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041520" + }, + { + "name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html" + }, + { + "name": "RHSA-2018:0260", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0260" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1534701", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534701" + }, + { + "name": "USN-3558-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3558-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1358.json b/2018/1xxx/CVE-2018-1358.json index 840a15cce27..bc47085d74c 100644 --- a/2018/1xxx/CVE-2018-1358.json +++ b/2018/1xxx/CVE-2018-1358.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1358",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1358",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/1xxx/CVE-2018-1826.json b/2018/1xxx/CVE-2018-1826.json
index 3491f810b98..716d9782689 100644
--- a/2018/1xxx/CVE-2018-1826.json
+++ b/2018/1xxx/CVE-2018-1826.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1826",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1826",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5055.json b/2018/5xxx/CVE-2018-5055.json
index 7acd0016136..c13dd4519ce 100644
--- a/2018/5xxx/CVE-2018-5055.json
+++ b/2018/5xxx/CVE-2018-5055.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-5055",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Out-of-bounds read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-5055",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
- },
- {
- "name" : "104699",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104699"
- },
- {
- "name" : "1041250",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041250"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
+ },
+ {
+ "name": "104699",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104699"
+ },
+ {
+ "name": "1041250",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041250"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5174.json b/2018/5xxx/CVE-2018-5174.json
index d15b0280b75..8f1e7286443 100644
--- a/2018/5xxx/CVE-2018-5174.json
+++ b/2018/5xxx/CVE-2018-5174.json
@@ -1,121 +1,121 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@mozilla.org",
- "ID" : "CVE-2018-5174",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Thunderbird",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "52.8"
- }
- ]
- }
- },
- {
- "product_name" : "Thunderbird ESR",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "52.8"
- }
- ]
- }
- },
- {
- "product_name" : "Firefox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "60"
- }
- ]
- }
- },
- {
- "product_name" : "Firefox ESR",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "52.8"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Mozilla"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the \"SEE_MASK_FLAG_NO_UI\" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2018-5174",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "52.8"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "52.8"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "60"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "52.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mozilla"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1447080",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1447080"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2018-11/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2018-11/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2018-12/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2018-12/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2018-13/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2018-13/"
- },
- {
- "name" : "104136",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104136"
- },
- {
- "name" : "1040896",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040896"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the \"SEE_MASK_FLAG_NO_UI\" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1447080",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1447080"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2018-13/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2018-13/"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2018-11/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2018-11/"
+ },
+ {
+ "name": "1040896",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040896"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2018-12/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2018-12/"
+ },
+ {
+ "name": "104136",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104136"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5342.json b/2018/5xxx/CVE-2018-5342.json
index a0e376d2e74..af497081d3f 100644
--- a/2018/5xxx/CVE-2018-5342.json
+++ b/2018/5xxx/CVE-2018-5342.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5342",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5342",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/",
- "refsource" : "MISC",
- "url" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/",
+ "refsource": "MISC",
+ "url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5775.json b/2018/5xxx/CVE-2018-5775.json
index 38abdda90bf..160deec2acf 100644
--- a/2018/5xxx/CVE-2018-5775.json
+++ b/2018/5xxx/CVE-2018-5775.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5775",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5775",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file