diff --git a/2008/0xxx/CVE-2008-0035.json b/2008/0xxx/CVE-2008-0035.json index 165ff9d46f8..63bbac4e38e 100644 --- a/2008/0xxx/CVE-2008-0035.json +++ b/2008/0xxx/CVE-2008-0035.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=307430", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307430" - }, - { - "name" : "APPLE-SA-2008-01-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html" - }, - { - "name" : "APPLE-SA-2008-02-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307302", - "refsource" : "CONFIRM", - "url" : 
"http://docs.info.apple.com/article.html?artnum=307302" - }, - { - "name" : "TA08-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-043B.html" - }, - { - "name" : "27296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27296" - }, - { - "name" : "ADV-2008-0147", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0147" - }, - { - "name" : "ADV-2008-0495", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0495/references" - }, - { - "name" : "1019220", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019220" - }, - { - "name" : "28497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28497" - }, - { - "name" : "28891", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28891" - }, - { - "name" : "iphone-ipod-foundation-code-execution(39700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.info.apple.com/article.html?artnum=307430", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307430" + }, + { + "name": "28891", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28891" + }, + { + "name": "27296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27296" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307302", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307302" + }, + { + "name": "ADV-2008-0495", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0495/references" + }, + { + "name": "iphone-ipod-foundation-code-execution(39700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39700" + }, + { + "name": "28497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28497" + }, + { + "name": "TA08-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html" + }, + { + "name": "APPLE-SA-2008-01-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html" + }, + { + "name": "APPLE-SA-2008-02-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html" + }, + { + "name": "1019220", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019220" + }, + { + "name": "ADV-2008-0147", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0147" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0106.json b/2008/0xxx/CVE-2008-0106.json index a3c575310e8..11421134549 100644 --- a/2008/0xxx/CVE-2008-0106.json +++ b/2008/0xxx/CVE-2008-0106.json 
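Review bot: The new side of CVE-2008-0035.json ends with `\ No newline at end of file`, while the removed closing `}` carries no such marker, so this rewrite drops the trailing newline; the other files in this diff (CVE-2008-0106, -0640, -0797, -0970, -1072, -1350, -1733) show the same. Keeping the final newline avoids a spurious last-line change the next time a tool rewrites the record. The `reference_data` entries are also re-emitted in an order that follows no visible key (not `refsource`, `name` or `url`), so a reader cannot confirm from the diff alone that every reference survived. Emitting them in a stable sorted order, or leaving the previous order untouched, would make a bulk reformat like this auditable.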
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-0106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494082/100/0/threaded" - }, - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : 
"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "MS08-040", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040" - }, - { - "name" : "TA08-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" - }, - { - "name" : "oval:org.mitre.oval:def:13785", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785" - }, - { - "name" : "ADV-2008-2022", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2022/references" - }, - { - "name" : "1020441", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020441" - }, - { - "name" : "30970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020441", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020441" + }, + { + "name": "30970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30970" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "ADV-2008-2022", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2022/references" + }, + { + "name": "MS08-040", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040" + }, + { + "name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "TA08-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:13785", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0640.json b/2008/0xxx/CVE-2008-0640.json index d31f4a5d67a..de59ea24e35 100644 
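Review bot: `"ASSIGNER"` for CVE-2008-0106 changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and it appears to be the only value change in the visible hunks, sitting inside what otherwise reads as spacing and reference-order churn. The assigner is provenance data that consumers may use to attribute a record to its CNA, so a change to it is better made in its own commit, or at least called out in the commit message, than carried along with a reformat. Comparing the parsed old and new JSON (ignoring whitespace and array order) before merging would surface edits like this across the whole batch.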
--- a/2008/0xxx/CVE-2008-0640.json +++ b/2008/0xxx/CVE-2008-0640.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/avcenter/security/Content/2008.02.07.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2008.02.07.html" - }, - { - "name" : "27644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27644" - }, - { - "name" : "ADV-2008-0474", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0474" - }, - { - "name" : "1019356", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019356" - }, - { - "name" : "28853", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28853" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28853", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28853" + }, + { + "name": "ADV-2008-0474", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0474" + }, + { + "name": "1019356", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019356" + }, + { + "name": "27644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27644" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0797.json b/2008/0xxx/CVE-2008-0797.json index 0f08dbbe684..27b74bc7e04 100644 --- a/2008/0xxx/CVE-2008-0797.json +++ b/2008/0xxx/CVE-2008-0797.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://en.wikipedia.org/wiki/Talk:Itheora", - "refsource" : "MISC", - "url" : "http://en.wikipedia.org/wiki/Talk:Itheora" - }, - { - "name" : "http://menguy.aymeric.free.fr/theora/news.php", - "refsource" : "CONFIRM", - "url" : "http://menguy.aymeric.free.fr/theora/news.php" - }, - { - "name" : "27788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27788" - }, - { - "name" : "28929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28929" - }, - { - "name" : "itheora-download-directory-traversal(40506)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "itheora-download-directory-traversal(40506)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40506" + }, + { + "name": "28929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28929" + }, + { + "name": "27788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27788" + }, + { + "name": "http://menguy.aymeric.free.fr/theora/news.php", + "refsource": "CONFIRM", + "url": "http://menguy.aymeric.free.fr/theora/news.php" + }, + { + "name": "http://en.wikipedia.org/wiki/Talk:Itheora", + "refsource": "MISC", + "url": "http://en.wikipedia.org/wiki/Talk:Itheora" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0970.json b/2008/0xxx/CVE-2008-0970.json index f18fe7b31d8..13a43b7c40e 100644 --- a/2008/0xxx/CVE-2008-0970.json +++ b/2008/0xxx/CVE-2008-0970.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0970", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0970", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1072.json b/2008/1xxx/CVE-2008-1072.json index f1e913d1700..84662046fae 100644 --- a/2008/1xxx/CVE-2008-1072.json +++ b/2008/1xxx/CVE-2008-1072.json 
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080229 rPSA-2008-0092-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488967/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2008-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2008-01.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2296", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2296" - }, - { - "name" : 
"http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" - }, - { - "name" : "FEDORA-2008-2941", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html" - }, - { - "name" : "FEDORA-2008-3040", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html" - }, - { - "name" : "GLSA-200803-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-32.xml" - }, - { - "name" : "MDVSA-2008:057", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:057" - }, - { - "name" : "RHSA-2008:0890", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html" - }, - { - "name" : "SUSE-SR:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" - }, - { - "name" : "28025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28025" - }, - { - "name" : "oval:org.mitre.oval:def:10188", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10188" - }, - { - "name" : "ADV-2008-0704", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0704" - }, - { - "name" : "ADV-2008-2773", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2773" - }, - { - "name" : "1019515", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019515" - }, - { - "name" : "29156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29156" - }, - { - "name" : "29188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29188" - }, - { - "name" : "29223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29223" - }, - 
{ - "name" : "29242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29242" - }, - { - "name" : "29511", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29511" - }, - { - "name" : "29736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29736" - }, - { - "name" : "32091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200803-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-32.xml" + }, + { + "name": "RHSA-2008:0890", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2008-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2008-01.html" + }, + { + "name": "FEDORA-2008-3040", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html" + }, + { + "name": "29188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29188" + }, + { + "name": "oval:org.mitre.oval:def:10188", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10188" + }, + { + "name": "29242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29242" + }, + { + "name": "29511", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29511" + }, + { + "name": "SUSE-SR:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" + }, + { + "name": "20080229 rPSA-2008-0092-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488967/100/0/threaded" + }, + { + "name": "1019515", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019515" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" + }, + { + "name": "32091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32091" + }, + { + "name": "29736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29736" + }, + { + "name": "ADV-2008-2773", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2773" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2296", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2296" + }, + { + "name": "ADV-2008-0704", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0704" + }, + { + "name": "28025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28025" + }, + { + "name": "MDVSA-2008:057", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:057" + }, + { + "name": "29156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29156" + }, + { + "name": "FEDORA-2008-2941", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html" + }, + { + "name": "29223", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/29223" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1350.json b/2008/1xxx/CVE-2008-1350.json index 109bc001b5a..02736a89d66 100644 --- a/2008/1xxx/CVE-2008-1350.json +++ b/2008/1xxx/CVE-2008-1350.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080312 Powered by phpBB 2001, 2006 (SQL)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489468/100/0/threaded" - }, - { - "name" : "5243", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5243" - }, - { - "name" : "28225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28225" - }, - { - "name" : "29339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29339" - }, - { - "name" : "3745", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3745" - }, - { - "name" : "phpbb-kb-sql-injection(41192)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41192" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbb-kb-sql-injection(41192)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41192" + }, + { + "name": "3745", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3745" + }, + { + "name": "5243", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5243" + }, + { + "name": "29339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29339" + }, + { + "name": "28225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28225" + }, + { + "name": "20080312 Powered by phpBB 2001, 2006 (SQL)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489468/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1733.json b/2008/1xxx/CVE-2008-1733.json index 4592d473bda..82e83839356 100644 --- a/2008/1xxx/CVE-2008-1733.json +++ b/2008/1xxx/CVE-2008-1733.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080409 Pu Arcade component for Joomla - SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490626/100/0/threaded" - }, - { - "name" : "28701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28701" - }, - { - "name" : "44391", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/44391" - }, - { - "name" : "3807", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3807" - }, - { - "name" : "puarcade-gid-sql-injection(41726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "puarcade-gid-sql-injection(41726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41726" + }, + { + "name": "20080409 Pu Arcade component for Joomla - SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490626/100/0/threaded" + }, + { + "name": "3807", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3807" + }, + { + "name": "28701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28701" + }, + { + "name": "44391", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/44391" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1935.json b/2008/1xxx/CVE-2008-1935.json index d4d2a9d49b2..838fcb59d39 100644 --- a/2008/1xxx/CVE-2008-1935.json +++ b/2008/1xxx/CVE-2008-1935.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5488", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5488" - }, - { - "name" : "28900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28900" - }, - { - "name" : "ADV-2008-1346", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1346/references" - }, - { - "name" : "filiale-index-sql-injection(41980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28900" + }, + { + "name": "ADV-2008-1346", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1346/references" + }, + { + "name": "filiale-index-sql-injection(41980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41980" + }, + { + "name": "5488", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5488" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3834.json b/2008/3xxx/CVE-2008-3834.json index e506f43dbdb..4b0660888da 100644 --- a/2008/3xxx/CVE-2008-3834.json +++ b/2008/3xxx/CVE-2008-3834.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7822", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7822" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=17803", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=17803" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834" - }, - { - "name" : "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a", - "refsource" : "CONFIRM", - "url" : "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" 
- }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "DSA-1658", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1658" - }, - { - "name" : "FEDORA-2008-8764", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html" - }, - { - "name" : "MDVSA-2008:213", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213" - }, - { - "name" : "RHSA-2009:0008", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0008.html" - }, - { - "name" : "SUSE-SR:2008:027", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2012:1418", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" - }, - { - "name" : "USN-653-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-653-1" - }, - { - "name" : "31602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31602" - }, - { - "name" : "oval:org.mitre.oval:def:10253", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253" - }, - { - "name" : "ADV-2008-2762", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2762" - }, - { - "name" : "1021063", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021063" - }, - { - "name" : "32127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32127" - }, - { - "name" : "32281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32281" - }, - { - "name" : "32385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32385" - }, - { - "name" : 
"32230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32230" - }, - { - "name" : "33396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33396" - }, - { - "name" : "dbus-dbusvalidatesignaturewithreason-dos(45701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2008:213", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213" + }, + { + "name": "DSA-1658", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1658" + }, + { + "name": "31602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31602" + }, + { + "name": "openSUSE-SU-2012:1418", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=17803", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803" + }, + { + "name": "1021063", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021063" + }, + { + "name": "dbus-dbusvalidatesignaturewithreason-dos(45701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701" + }, + { + "name": "7822", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7822" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834" + }, + { + "name": "32385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32385" + }, + { + "name": "SUSE-SR:2008:027", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" + }, + { + "name": "32281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32281" + }, + { + "name": "FEDORA-2008-8764", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html" + }, + { + "name": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a", + "refsource": "CONFIRM", + "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" + }, + { + "name": "32230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32230" + }, + { + "name": "oval:org.mitre.oval:def:10253", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "ADV-2008-2762", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2762" + }, + { + "name": "33396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33396" + }, + { + "name": "32127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32127" + }, + { + "name": "RHSA-2009:0008", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html" + }, + { + "name": "USN-653-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-653-1" + } + ] + } +} \ No newline at end of file 
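Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, and it is the only semantic change in a hunk that otherwise re-indents the record and reorders `reference_data`. The same kind of change appears in the CVE-2013-2037 hunk (`secalert@redhat.com`) and the CVE-2013-2710 hunk (`PSIRT-CNA@flexerasoftware.com`). Any consumer that attributes or filters records by assigner will see these three records move to a different CNA, so the reassignment should be called out in the commit description or split from the formatting pass. The 22 reference entries here are the same set before and after, only shuffled; a stable order (for example sorted by `refsource`, then `name`) would let a reviewer confirm that from the diff rather than by hand. The new side also ends with `\ No newline at end of file`, so every later edit to these files will touch the last line as well.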
diff --git a/2008/4xxx/CVE-2008-4199.json b/2008/4xxx/CVE-2008-4199.json index 2a83c321688..b2aa50aabb3 100644 --- a/2008/4xxx/CVE-2008-4199.json +++ b/2008/4xxx/CVE-2008-4199.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving \"detection of JavaScript events and appropriate manipulation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080919 CVE request: Opera < 9.52 multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/19/2" - }, - { - "name" : "[oss-security] 20080923 Re: CVE request: Opera < 9.52 multiple vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/24/4" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=235298", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=235298" - }, - { - "name" : "http://www.opera.com/docs/changelogs/freebsd/952/", - "refsource" : "CONFIRM", - "url" : 
"http://www.opera.com/docs/changelogs/freebsd/952/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/linux/952/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/952/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/mac/952/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/952/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/solaris/952/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/solaris/952/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/952/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/952/" - }, - { - "name" : "http://www.opera.com/support/search/view/896/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/896/" - }, - { - "name" : "GLSA-200811-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-01.xml" - }, - { - "name" : "30768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30768" - }, - { - "name" : "1020722", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020722" - }, - { - "name" : "32538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32538" - }, - { - "name" : "31549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31549" - }, - { - "name" : "ADV-2008-2416", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2416" - }, - { - "name" : "opera-feedsource-info-disclosure(44557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the 
validity of local filenames via vectors involving \"detection of JavaScript events and appropriate manipulation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2416", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2416" + }, + { + "name": "http://www.opera.com/support/search/view/896/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/896/" + }, + { + "name": "32538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32538" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/952/" + }, + { + "name": "http://www.opera.com/docs/changelogs/solaris/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/solaris/952/" + }, + { + "name": "opera-feedsource-info-disclosure(44557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44557" + }, + { + "name": "1020722", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020722" + }, + { + "name": "30768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30768" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/952/" + }, + { + "name": "http://www.opera.com/docs/changelogs/linux/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/952/" + }, + { + "name": "[oss-security] 20080923 Re: CVE request: Opera < 9.52 multiple vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/24/4" + }, + { + "name": "[oss-security] 20080919 CVE request: Opera < 9.52 multiple vulnerabilities", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2008/09/19/2" + }, + { + "name": "31549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31549" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=235298", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=235298" + }, + { + "name": "http://www.opera.com/docs/changelogs/freebsd/952/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/freebsd/952/" + }, + { + "name": "GLSA-200811-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4241.json b/2008/4xxx/CVE-2008-4241.json index 926bfbf7042..e72c218660a 100644 --- a/2008/4xxx/CVE-2008-4241.json +++ b/2008/4xxx/CVE-2008-4241.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6536", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6536" - }, - { - "name" : "31333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31333" - }, - { - "name" : "ADV-2008-2651", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2651" - }, - { - "name" : "4316", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4316" - }, - { - "name" : "cjultraplus-sid-sql-injection(45458)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in CJ 
Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6536", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6536" + }, + { + "name": "31333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31333" + }, + { + "name": "4316", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4316" + }, + { + "name": "ADV-2008-2651", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2651" + }, + { + "name": "cjultraplus-sid-sql-injection(45458)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45458" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4442.json b/2008/4xxx/CVE-2008-4442.json index 57a9b77db24..e94ab128429 100644 --- a/2008/4xxx/CVE-2008-4442.json +++ b/2008/4xxx/CVE-2008-4442.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4442", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4442", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5961.json b/2008/5xxx/CVE-2008-5961.json index 6bc59fc636e..8add3a9766f 100644 --- a/2008/5xxx/CVE-2008-5961.json +++ b/2008/5xxx/CVE-2008-5961.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32650" - }, - { - "name" : "33021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32650" + }, + { + "name": "33021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33021" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2037.json b/2013/2xxx/CVE-2013-2037.json index 0815761c129..32a6a0bd125 100644 --- a/2013/2xxx/CVE-2013-2037.json +++ b/2013/2xxx/CVE-2013-2037.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130501 Re: CVE Request: httplib2 ssl cert incorrect error handling", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/257" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602" - }, - { - "name" : "http://code.google.com/p/httplib2/issues/detail?id=282", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/httplib2/issues/detail?id=282" - }, - { - "name" : "https://bugs.launchpad.net/httplib2/+bug/1175272", - "refsource" : 
"CONFIRM", - "url" : "https://bugs.launchpad.net/httplib2/+bug/1175272" - }, - { - "name" : "USN-1948-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1948-1" - }, - { - "name" : "52179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/httplib2/+bug/1175272", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/httplib2/+bug/1175272" + }, + { + "name": "[oss-security] 20130501 Re: CVE Request: httplib2 ssl cert incorrect error handling", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/257" + }, + { + "name": "http://code.google.com/p/httplib2/issues/detail?id=282", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/httplib2/issues/detail?id=282" + }, + { + "name": "USN-1948-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1948-1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602" + }, + { + "name": "52179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52179" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2710.json b/2013/2xxx/CVE-2013-2710.json index 68e30fc8d3b..5a4380c3378 100644 
--- a/2013/2xxx/CVE-2013-2710.json +++ b/2013/2xxx/CVE-2013-2710.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-2710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/plugins/contextual-related-posts/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/contextual-related-posts/changelog/" - }, - { - "name" : "59733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59733" - }, - { - "name" : "52960", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52960" - }, - { - "name" : "contextual-cve20132710-unspecified-csrf(84100)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "contextual-cve20132710-unspecified-csrf(84100)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84100" + }, + { + "name": "59733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59733" + }, + { + "name": "52960", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52960" + }, + { + "name": "http://wordpress.org/plugins/contextual-related-posts/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/contextual-related-posts/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2780.json b/2013/2xxx/CVE-2013-2780.json index 186a135492a..41c4f615ddd 100644 --- a/2013/2xxx/CVE-2013-2780.json +++ b/2013/2xxx/CVE-2013-2780.json 
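Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in this hunk, but it is buried in a whole-file rewrite that also respaces every key (`"ID" : ` becomes `"ID": `) and reorders `reference_data`, so the one field that alters the record's provenance is easy to miss. The hunks for CVE-2013-2780, CVE-2013-2925, CVE-2013-3640, CVE-2013-4313, CVE-2013-4841 and CVE-2013-6398 follow the same pattern, while CVE-2013-3068 and CVE-2013-3069 are formatting-only. I would land the formatter pass and the ASSIGNER updates as separate commits and keep the reference order stable, so that anyone diffing or hashing these records sees only the real data change. The new side also loses the final newline (`\ No newline at end of file` after the closing `+}`); ending each file with a newline would keep later diffs clean.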
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-2780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2925.json b/2013/2xxx/CVE-2013-2925.json index c545f4d6a1c..a2bcec97da6 100644 --- a/2013/2xxx/CVE-2013-2925.json +++ b/2013/2xxx/CVE-2013-2925.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=292422", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=292422" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=158146&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=158146&view=revision" - }, - { - "name" : "DSA-2785", - "refsource" 
: "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2785" - }, - { - "name" : "openSUSE-SU-2013:1729", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html" - }, - { - "name" : "openSUSE-SU-2013:1776", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html" - }, - { - "name" : "openSUSE-SU-2013:1861", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:18866", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=292422", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=292422" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "DSA-2785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2785" + }, + { + "name": "openSUSE-SU-2013:1776", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=158146&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=158146&view=revision" + }, + { + "name": "openSUSE-SU-2013:1729", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html" + }, + { + "name": "oval:org.mitre.oval:def:18866", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18866" + }, + { + "name": "openSUSE-SU-2013:1861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3068.json b/2013/3xxx/CVE-2013-3068.json index bd900b98dbd..08e2e771a1c 100644 --- a/2013/3xxx/CVE-2013-3068.json +++ b/2013/3xxx/CVE-2013-3068.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php", - "refsource" : "MISC", - "url" : "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php" - }, - { - "name" : "http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php", - "refsource" : "MISC", - "url" : "http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows 
remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php", + "refsource": "MISC", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php" + }, + { + "name": "http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php", + "refsource": "MISC", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3069.json b/2013/3xxx/CVE-2013-3069.json index ed71b3c0966..138435d8685 100644 --- a/2013/3xxx/CVE-2013-3069.json +++ b/2013/3xxx/CVE-2013-3069.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", - "refsource" : "MISC", - "url" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" - }, - { - "name" : "92557", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject 
arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", + "refsource": "MISC", + "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" + }, + { + "name": "92557", + "refsource": "OSVDB", + "url": "http://osvdb.org/92557" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3104.json b/2013/3xxx/CVE-2013-3104.json index 36620f66691..bdf43c26492 100644 --- a/2013/3xxx/CVE-2013-3104.json +++ b/2013/3xxx/CVE-2013-3104.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3104", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2013/3xxx/CVE-2013-3640.json b/2013/3xxx/CVE-2013-3640.json
index 7f489141361..1e2ae963426 100644
--- a/2013/3xxx/CVE-2013-3640.json
+++ b/2013/3xxx/CVE-2013-3640.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-3640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#53579095", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN53579095/index.html" - }, - { - "name" : "JVNDB-2013-000049", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#53579095", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN53579095/index.html" + }, + { + "name": "JVNDB-2013-000049", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4313.json b/2013/4xxx/CVE-2013-4313.json index 5f9916a5f8f..f5f56b6471c 100644 --- a/2013/4xxx/CVE-2013-4313.json +++ b/2013/4xxx/CVE-2013-4313.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=238396", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=238396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\\0' characters in 
query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=238396", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=238396" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4374.json b/2013/4xxx/CVE-2013-4374.json index de3d28b5e28..2548f87e1ea 100644 --- a/2013/4xxx/CVE-2013-4374.json +++ b/2013/4xxx/CVE-2013-4374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2013/4xxx/CVE-2013-4607.json b/2013/4xxx/CVE-2013-4607.json index aca64e5325a..f9ce3c39764 100644 --- a/2013/4xxx/CVE-2013-4607.json +++ b/2013/4xxx/CVE-2013-4607.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4607", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4607", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4841.json b/2013/4xxx/CVE-2013-4841.json index 6ca4fb1c936..0b6ade1cc15 100644 --- a/2013/4xxx/CVE-2013-4841.json +++ b/2013/4xxx/CVE-2013-4841.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02937", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03995204" - }, - { - "name" : "SSRT100796", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03995204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute 
arbitrary code via unknown vectors, aka ZDI-CAN-1509." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBST02937", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03995204" + }, + { + "name": "SSRT100796", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03995204" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6287.json b/2013/6xxx/CVE-2013-6287.json index a0de68a028b..bbba9947038 100644 --- a/2013/6xxx/CVE-2013-6287.json +++ b/2013/6xxx/CVE-2013-6287.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6287", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6287", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6398.json b/2013/6xxx/CVE-2013-6398.json index 82bf4d6e9c3..ea38de8ebaf 100644 --- a/2013/6xxx/CVE-2013-6398.json +++ b/2013/6xxx/CVE-2013-6398.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual", - "refsource" : "CONFIRM", - "url" : "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual" - }, - { - "name" : "https://issues.apache.org/jira/browse/CLOUDSTACK-5263", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/CLOUDSTACK-5263" - }, - { - "name" : "http://support.citrix.com/article/CTX140989", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX140989" - }, - { - "name" : "69432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69432" - }, - { - "name" : "1030762", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1030762" - }, - { - "name" : "55960", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55960" - }, - { - "name" : "60284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60284" + }, + { + "name": "55960", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55960" + }, + { + "name": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263" + }, + { + "name": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual", + "refsource": "CONFIRM", + "url": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual" + }, + { + "name": "69432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69432" + }, + { + "name": "1030762", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030762" + }, + { + "name": "http://support.citrix.com/article/CTX140989", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX140989" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6882.json b/2013/6xxx/CVE-2013-6882.json index df7a9fb5229..63e49575493 100644 --- a/2013/6xxx/CVE-2013-6882.json +++ b/2013/6xxx/CVE-2013-6882.json 
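Review bot: The `reference_data` array in the CVE-2013-6398 hunk is reordered without any entry being added or removed; the same seven `name`/`refsource`/`url` entries appear on both sides. This inflates the diff and makes it hard to confirm by eye that no reference was dropped. The hunks for CVE-2013-6882, CVE-2013-6964, CVE-2013-7288, CVE-2017-10169 and CVE-2017-10605 reorder their references in the same way. If these files are tool-generated, as the uniform rewrite suggests, emitting references in a stable order (for example sorted by `refsource`, then `name`) would make later diffs show only real additions and removals.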
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30396", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/30396" - }, - { - "name" : "20131212 Ditto Forensic FieldStation, multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Dec/80" - }, - { - "name" : "http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html" - }, - { - "name" : "100996", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/100996" - }, - { - "name" : "101000", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101000" - }, - { - "name" : "55989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55989" + }, + { + "name": "101000", + "refsource": "OSVDB", + "url": "http://osvdb.org/101000" + }, + { + "name": "http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html" + }, + { + "name": "20131212 Ditto Forensic FieldStation, multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Dec/80" + }, + { + "name": "30396", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/30396" + }, + { + "name": "100996", + "refsource": "OSVDB", + "url": "http://osvdb.org/100996" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6964.json b/2013/6xxx/CVE-2013-6964.json index 6b269c7baa0..b54673eadbc 100644 --- a/2013/6xxx/CVE-2013-6964.json +++ b/2013/6xxx/CVE-2013-6964.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-6964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158" - }, - { - "name" : "20131212 Cisco WebEx Business Suite Site Access Control Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964" - }, - { - "name" : "64280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64280" - }, - { - "name" : "100908", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100908" - }, - { - "name" : "1029494", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029494" - }, - { - "name" : 
"cisco-webex-cve20136964-sec-bypass(89690)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100908", + "refsource": "OSVDB", + "url": "http://osvdb.org/100908" + }, + { + "name": "1029494", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029494" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158" + }, + { + "name": "20131212 Cisco WebEx Business Suite Site Access Control Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964" + }, + { + "name": "cisco-webex-cve20136964-sec-bypass(89690)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89690" + }, + { + "name": "64280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64280" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7288.json b/2013/7xxx/CVE-2013-7288.json index 7753b568ec9..d484d5bf179 100644 --- a/2013/7xxx/CVE-2013-7288.json +++ b/2013/7xxx/CVE-2013-7288.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release" - }, - { - "name" : "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547", - "refsource" : "CONFIRM", - "url" : "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547" - }, - { - "name" : "64570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64570" - }, - { - "name" : "101544", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/101544" - }, - { - "name" : "55945", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/55945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547", + "refsource": "CONFIRM", + "url": "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547" + }, + { + "name": "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release" + }, + { + "name": "55945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55945" + }, + { + "name": "64570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64570" + }, + { + "name": "101544", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/101544" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10169.json b/2017/10xxx/CVE-2017-10169.json index 20dfe11bee6..1b55257c165 100644 --- a/2017/10xxx/CVE-2017-10169.json +++ b/2017/10xxx/CVE-2017-10169.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality 9700", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality 9700", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "99823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99823" - }, - { - "name" : "1038941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038941" + }, + { + "name": "99823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99823" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10605.json b/2017/10xxx/CVE-2017-10605.json index 771228db1d2..80e69821e90 100644 --- a/2017/10xxx/CVE-2017-10605.json +++ b/2017/10xxx/CVE-2017-10605.json 
@@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2017-07-12T09:00", - "ID" : "CVE-2017-10605", - "STATE" : "PUBLIC", - "TITLE" : "Junos: SRX Series denial of service vulnerability in flowd due to crafted DHCP packet" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "platform" : "vSRX or SRX Series", - "version_value" : "12.1X46 prior to 12.1X46-D67" - }, - { - "platform" : "vSRX or SRX Series", - "version_value" : "12.3X48 prior to 12.3X48-D50" - }, - { - "platform" : "vSRX or SRX Series", - "version_value" : "15.1X49 prior to 15.1X49-D91, 15.1X49-D100" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [ - { - "lang" : "eng", - "value" : "This issue only affects devices with DHCP or DHCP relay is configured." - } - ], - "credit" : [], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in high-availability, the RG1+ (data-plane) will fail-over to the secondary node. If the device is configured in stand-alone, there will be temporary traffic interruption until the flowd process is restored automatically. Sustained crafted packets may cause the secondary failover node to fail back, or fail completely, potentially halting flowd on both nodes of the cluster or causing flip-flop failovers to occur. No other Juniper Networks products or platforms are affected by this issue. 
Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67 on vSRX or SRX Series; 12.3X48 prior to 12.3X48-D50 on vSRX or SRX Series; 15.1X49 prior to 15.1X49-D91, 15.1X49-D100 on vSRX or SRX Series." - } - ] - }, - "exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network.", - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.6, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2017-07-12T09:00", + "ID": "CVE-2017-10605", + "STATE": "PUBLIC", + "TITLE": "Junos: SRX Series denial of service vulnerability in flowd due to crafted DHCP packet" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "vSRX or SRX Series", + "version_value": "12.1X46 prior to 12.1X46-D67" + }, + { + "platform": "vSRX or SRX Series", + "version_value": "12.3X48 prior to 12.3X48-D50" + }, + { + "platform": "vSRX or SRX Series", + "version_value": "15.1X49 prior to 15.1X49-D91, 15.1X49-D100" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10789", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10789" - }, - { - "name" : "1038891", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038891" - } - 
] - }, - "solution" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D67, 12.3X48-D50, 15.1X49-D91, 15.1X49-D100, and all subsequent releases.\n\nThis issue is being tracked as PR 1270493 and is visible on the Customer Support website.", - "work_around" : [] -} + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue only affects devices with DHCP or DHCP relay is configured." + } + ], + "credit": [], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in high-availability, the RG1+ (data-plane) will fail-over to the secondary node. If the device is configured in stand-alone, there will be temporary traffic interruption until the flowd process is restored automatically. Sustained crafted packets may cause the secondary failover node to fail back, or fail completely, potentially halting flowd on both nodes of the cluster or causing flip-flop failovers to occur. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67 on vSRX or SRX Series; 12.3X48 prior to 12.3X48-D50 on vSRX or SRX Series; 15.1X49 prior to 15.1X49-D91, 15.1X49-D100 on vSRX or SRX Series." 
+ } + ] + }, + "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network.", + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038891", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038891" + }, + { + "name": "https://kb.juniper.net/JSA10789", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10789" + } + ] + }, + "solution": "The following software releases have been updated to resolve this specific issue: 12.1X46-D67, 12.3X48-D50, 15.1X49-D91, 15.1X49-D100, and all subsequent releases.\n\nThis issue is being tracked as PR 1270493 and is visible on the Customer Support website.", + "work_around": [] +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10632.json b/2017/10xxx/CVE-2017-10632.json index 27f06bd286a..1b1434ecef2 100644 --- a/2017/10xxx/CVE-2017-10632.json +++ b/2017/10xxx/CVE-2017-10632.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10632", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13236.json b/2017/13xxx/CVE-2017-13236.json index 4ee96b4ae21..8438794b3e3 100644 --- a/2017/13xxx/CVE-2017-13236.json +++ b/2017/13xxx/CVE-2017-13236.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-13236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-13236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43996", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43996/" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-02-01" - }, - { - "name" : "102979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43996", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43996/" + }, + { + "name": "https://source.android.com/security/bulletin/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-02-01" + }, + { + "name": "102979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102979" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13335.json b/2017/13xxx/CVE-2017-13335.json index 1d7d9c02ded..1ea74e8d837 100644 --- a/2017/13xxx/CVE-2017-13335.json +++ b/2017/13xxx/CVE-2017-13335.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13335", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13335", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13532.json b/2017/13xxx/CVE-2017-13532.json index e6728f79c40..bc6a413110f 100644 --- a/2017/13xxx/CVE-2017-13532.json +++ b/2017/13xxx/CVE-2017-13532.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13532", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13532", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13746.json b/2017/13xxx/CVE-2017-13746.json index 664a76455ec..203567d1db7 100644 --- a/2017/13xxx/CVE-2017-13746.json +++ b/2017/13xxx/CVE-2017-13746.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485286", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485286" - }, - { - "name" : "100514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100514" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485286", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485286" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17161.json b/2017/17xxx/CVE-2017-17161.json index cb24959ca4a..0a5c6047456 100644 --- a/2017/17xxx/CVE-2017-17161.json +++ b/2017/17xxx/CVE-2017-17161.json 
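Review bot: The new side of CVE-2017-13746.json ends with `\ No newline at end of file`, and apart from the `"key" : value` to `"key": value` respacing the only visible difference in this hunk is that the two `reference_data` entries swap places. The other file sections in this diff show the same pattern, which makes a substantive edit such as the `ASSIGNER` address change in CVE-2018-0724.json hard to pick out when auditing record changes. I would have the serializer keep the final newline after the closing `}` and emit references in their existing order, so that a record's diff shows only the fields whose value changed.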
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Duke-L09", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than Duke-L09C10B186 versions, Earlier than Duke-L09C432B187 versions, Earlier than Duke-L09C636B186 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "authentication bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Duke-L09", + "version": { + "version_data": [ + { + "version_value": "Earlier than Duke-L09C10B186 versions, Earlier than Duke-L09C432B187 versions, Earlier than Duke-L09C636B186 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17169.json b/2017/17xxx/CVE-2017-17169.json index 4d559328f17..8defd55eb24 100644 --- a/2017/17xxx/CVE-2017-17169.json +++ b/2017/17xxx/CVE-2017-17169.json 
@@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DP300", - "version" : { - "version_data" : [ - { - "version_value" : "V500R002C00" - }, - { - "version_value" : "V500R002C00B010" - }, - { - "version_value" : "V500R002C00B011" - }, - { - "version_value" : "V500R002C00B012" - }, - { - "version_value" : "V500R002C00B013" - }, - { - "version_value" : "V500R002C00B014" - }, - { - "version_value" : "V500R002C00B017" - }, - { - "version_value" : "V500R002C00B018" - }, - { - "version_value" : "V500R002C00SPC100" - }, - { - "version_value" : "V500R002C00SPC200" - }, - { - "version_value" : "V500R002C00SPC300" - }, - { - "version_value" : "V500R002C00SPC400" - }, - { - "version_value" : "V500R002C00SPC500" - }, - { - "version_value" : "V500R002C00SPC600" - }, - { - "version_value" : "V500R002C00SPC800" - }, - { - "version_value" : "V500R002C00SPC900" - }, - { - "version_value" : "V500R002C00SPCa00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "input validation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DP300", + "version": { + "version_data": [ + { + "version_value": "V500R002C00" + }, + { + "version_value": "V500R002C00B010" + }, + { + "version_value": "V500R002C00B011" + }, + { + "version_value": "V500R002C00B012" + }, + { + "version_value": "V500R002C00B013" + }, + { + "version_value": "V500R002C00B014" + }, + { + "version_value": "V500R002C00B017" + }, + { + "version_value": "V500R002C00B018" + }, + { + "version_value": "V500R002C00SPC100" + }, + { + "version_value": "V500R002C00SPC200" + }, + { + "version_value": "V500R002C00SPC300" + }, + { + "version_value": "V500R002C00SPC400" + }, + { + "version_value": "V500R002C00SPC500" + }, + { + "version_value": "V500R002C00SPC600" + }, + { + "version_value": "V500R002C00SPC800" + }, + { + "version_value": "V500R002C00SPC900" + }, + { + "version_value": "V500R002C00SPCa00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17500.json b/2017/17xxx/CVE-2017-17500.json index e7e4fdce73b..c85ace30f4e 100644 --- a/2017/17xxx/CVE-2017-17500.json +++ b/2017/17xxx/CVE-2017-17500.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" - }, - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/523/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/523/" - }, - { - "name" : 
"DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "102164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931" + }, + { + "name": "102164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102164" + }, + { + "name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" + }, + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/523/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/523/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17745.json b/2017/17xxx/CVE-2017-17745.json index 37f023c8a83..2ce0fc09e16 100644 --- a/2017/17xxx/CVE-2017-17745.json +++ b/2017/17xxx/CVE-2017-17745.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20171219 Multiple Vulnerabilities in TP-Link TL-SG108E - CVE-2017-17745, CVE-2017-17746, CVE-2017-17747", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Dec/67" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20171219 Multiple Vulnerabilities in TP-Link TL-SG108E - CVE-2017-17745, CVE-2017-17746, CVE-2017-17747", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Dec/67" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9102.json b/2017/9xxx/CVE-2017-9102.json index eb6cf11c2d3..ddc2af9dd0c 100644 --- a/2017/9xxx/CVE-2017-9102.json +++ b/2017/9xxx/CVE-2017-9102.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9102", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9102", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9468.json b/2017/9xxx/CVE-2017-9468.json index 8d9f05b7ab4..51b5f5f7296 100644 --- a/2017/9xxx/CVE-2017-9468.json +++ b/2017/9xxx/CVE-2017-9468.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/06/06/4", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2017/06/06/4" - }, - { - "name" : "https://irssi.org/security/irssi_sa_2017_06.txt", - "refsource" : "CONFIRM", - "url" : "https://irssi.org/security/irssi_sa_2017_06.txt" - }, - { - "name" : "DSA-3885", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3885" - }, - { - "name" : "99015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99015" - }, - { - "name" : "1038621", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3885", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3885" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/06/06/4", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2017/06/06/4" + }, + { + "name": "https://irssi.org/security/irssi_sa_2017_06.txt", + "refsource": "CONFIRM", + "url": "https://irssi.org/security/irssi_sa_2017_06.txt" + }, + { + "name": "99015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99015" + }, + { + "name": "1038621", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038621" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9584.json b/2017/9xxx/CVE-2017-9584.json index 33c5b566fae..bad9043c181 100644 --- a/2017/9xxx/CVE-2017-9584.json +++ b/2017/9xxx/CVE-2017-9584.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"HBO Mobile Banking\" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"HBO Mobile Banking\" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle 
attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9618.json b/2017/9xxx/CVE-2017-9618.json index 4f6b4d64a92..d2a81ec5342 100644 --- a/2017/9xxx/CVE-2017-9618.json +++ b/2017/9xxx/CVE-2017-9618.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698044", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698044" - }, - { - "name" : "GLSA-201811-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-12" - }, - { - "name" : "99993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-12" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=698044", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=698044" + }, + { + "name": "99993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99993" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9688.json b/2017/9xxx/CVE-2017-9688.json index 16d3bacd470..3ac9d3aa4a4 100644 --- a/2017/9xxx/CVE-2017-9688.json +++ b/2017/9xxx/CVE-2017-9688.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9688", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0243.json b/2018/0xxx/CVE-2018-0243.json index 8ffe4761cbb..02053a67336 100644 --- a/2018/0xxx/CVE-2018-0243.json +++ b/2018/0xxx/CVE-2018-0243.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower System Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower System Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The vulnerability is due to incorrect detection of an SMB2 or SMB3 file based on the total file length. An attacker could exploit this vulnerability by sending a crafted SMB2 or SMB3 transfer request through the targeted device. An exploit could allow the attacker to pass SMB2 or SMB3 files that could be malware even though the device is configured to block them. This vulnerability does not exist for SMB Version 1 (SMB1) files. This vulnerability affects Cisco Firepower System Software when one or more file action policies are configured, on software releases prior to 6.2.3. Cisco Bug IDs: CSCvg68807." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-693" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower System Software", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower System Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss" - }, - { - "name" : "103943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The vulnerability is due to incorrect detection of an SMB2 or SMB3 file based on the total file length. An attacker could exploit this vulnerability by sending a crafted SMB2 or SMB3 transfer request through the targeted device. An exploit could allow the attacker to pass SMB2 or SMB3 files that could be malware even though the device is configured to block them. This vulnerability does not exist for SMB Version 1 (SMB1) files. This vulnerability affects Cisco Firepower System Software when one or more file action policies are configured, on software releases prior to 6.2.3. Cisco Bug IDs: CSCvg68807." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103943" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0724.json b/2018/0xxx/CVE-2018-0724.json index dfe22c5aec4..c846f431920 100644 --- a/2018/0xxx/CVE-2018-0724.json +++ b/2018/0xxx/CVE-2018-0724.json 
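Review bot: The `affects` block of CVE-2018-0243 still carries `"vendor_name": "n/a"` and a `version_value` that only repeats the product name, although the description in the same record names Cisco and says releases prior to 6.2.3 are affected. Tooling that matches records to assets by the structured vendor and version fields would likely miss this entry. Since the record is being rewritten anyway, I would set `"vendor_name": "Cisco"` and `"version_value": "prior to 6.2.3"`, subject to confirmation by the assigning CNA.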
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "DATE_PUBLIC" : "2018-12-26T00:00:00", - "ID" : "CVE-2018-0724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Q'center Virtual Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Q'center Virtual Appliance 1.8.1014 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "DATE_PUBLIC": "2018-12-26T00:00:00", + "ID": "CVE-2018-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Q'center Virtual Appliance", + "version": { + "version_data": [ + { + "version_value": "Q'center Virtual Appliance 1.8.1014 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier 
versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000125.json b/2018/1000xxx/CVE-2018-1000125.json index 15e7b95f08d..01a27cc0962 100644 --- a/2018/1000xxx/CVE-2018-1000125.json +++ b/2018/1000xxx/CVE-2018-1000125.json 
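Review bot: The new side of CVE-2018-0724.json ends with `\ No newline at end of file`, where the old side ended with a newline after the closing `}`; the same marker closes every other file section visible in this diff. The serializer should emit a trailing newline so that later appends and line-oriented tools do not produce a spurious last-line change. This hunk also changes `ASSIGNER` to `security@qnap.com`, so any consumer that keys on the old address has to follow; whether one exists cannot be told from the diff.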
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "3/1/2018 18:13:33", - "ID" : "CVE-2018-1000125", - "REQUESTER" : "daniel@inversoft.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "prime-jwt", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227" - } - ] - } - } - ] - }, - "vendor_name" : "inversoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appear to be exploitable via an attacker crafting a token with a valid header and body and then requests it to be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "3/1/2018 18:13:33", + "ID": "CVE-2018-1000125", + "REQUESTER": "daniel@inversoft.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/inversoft/prime-jwt/blob/master/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://github.com/inversoft/prime-jwt/blob/master/CHANGES" - }, - { - "name" : "https://github.com/inversoft/prime-jwt/issues/2", - "refsource" : "CONFIRM", - "url" : "https://github.com/inversoft/prime-jwt/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appear to be exploitable via an attacker crafting a token with a valid header and body and then requests it to be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/inversoft/prime-jwt/blob/master/CHANGES", + "refsource": "CONFIRM", + "url": "https://github.com/inversoft/prime-jwt/blob/master/CHANGES" + }, + { + "name": "https://github.com/inversoft/prime-jwt/issues/2", + "refsource": "CONFIRM", + "url": "https://github.com/inversoft/prime-jwt/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000842.json b/2018/1000xxx/CVE-2018-1000842.json index 3601c70ff2f..384aa3d9dc0 100644 --- a/2018/1000xxx/CVE-2018-1000842.json +++ b/2018/1000xxx/CVE-2018-1000842.json 
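Review bot: The new side of CVE-2018-1000125.json replaces the structured `affects` and `problemtype` values with `"n/a"`, so the affected product, vendor, version range and CWE now survive only in the free-text description. Tooling that matches on `product_name`/`vendor_name` or groups by weakness would stop finding this JWT signature-validation issue. The CVE-2018-1000842.json hunk that follows does the same to `FatFreeCRM` and `Cross Site Scripting (XSS)`. Unless the reset is intentional alongside the `ASSIGNER` change to `cve@mitre.org`, which the diff does not show, keep the earlier values: `"product_name": "prime-jwt"`, `"vendor_name": "inversoft"`, `"value": "CWE-20"`.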
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.479249", - "DATE_REQUESTED" : "2018-10-27T06:04:25", - "ID" : "CVE-2018-1000842", - "REQUESTER" : "security@fatfreecrm.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FatFreeCRM", - "version" : { - "version_data" : [ - { - "version_value" : "<=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0" - } - ] - } - } - ] - }, - "vendor_name" : "FatFreeCRM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.479249", + "DATE_REQUESTED": "2018-10-27T06:04:25", + "ID": "CVE-2018-1000842", + "REQUESTER": "security@fatfreecrm.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa", - "refsource" : "MISC", - "url" : "https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa" - }, - { - "name" : "https://github.com/asteinhauser/fat_free_crm/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/asteinhauser/fat_free_crm/issues/1" - }, - { - "name" : "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29", - "refsource" : "MISC", - "url" : "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29" - }, - { - "name" : "https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. 
This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/asteinhauser/fat_free_crm/issues/1", + "refsource": "MISC", + "url": "https://github.com/asteinhauser/fat_free_crm/issues/1" + }, + { + "name": "https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa", + "refsource": "MISC", + "url": "https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa" + }, + { + "name": "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29", + "refsource": "MISC", + "url": "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29" + }, + { + "name": "https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18447.json b/2018/18xxx/CVE-2018-18447.json index b87677527ba..b2d560af387 100644 --- a/2018/18xxx/CVE-2018-18447.json +++ b/2018/18xxx/CVE-2018-18447.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18447", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18447", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19536.json b/2018/19xxx/CVE-2018-19536.json index 33575efd584..d9c9ee4ac77 100644 --- a/2018/19xxx/CVE-2018-19536.json +++ b/2018/19xxx/CVE-2018-19536.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19536", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19536", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19579.json b/2018/19xxx/CVE-2018-19579.json index 04d670dafe4..42da959b30f 100644 --- a/2018/19xxx/CVE-2018-19579.json +++ b/2018/19xxx/CVE-2018-19579.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19579", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19579", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19895.json b/2018/19xxx/CVE-2018-19895.json index 0d6ab094a78..0a7afe0bb6f 100644 --- a/2018/19xxx/CVE-2018-19895.json +++ b/2018/19xxx/CVE-2018-19895.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/thinkcmf/cmfx/issues/26", - "refsource" : "MISC", - "url" : "https://github.com/thinkcmf/cmfx/issues/26" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/thinkcmf/cmfx/issues/26", + "refsource": "MISC", + "url": "https://github.com/thinkcmf/cmfx/issues/26" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1244.json b/2018/1xxx/CVE-2018-1244.json index 5e65c606830..f9822878d09 100644 --- a/2018/1xxx/CVE-2018-1244.json +++ b/2018/1xxx/CVE-2018-1244.json 
@@ -1,111 +1,111 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Security_Alert@emc.com", - "DATE_PUBLIC" : "2018-06-26T05:00:00.000Z", - "ID" : "CVE-2018-1244", - "STATE" : "PUBLIC", - "TITLE" : "iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent. " - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iDRAC7", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.60.60.60" - } - ] - } - }, - { - "product_name" : "iDRAC8", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "2.60.60.60" - } - ] - } - }, - { - "product_name" : "iDRAC9", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "3.21.21.21" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command injection vulnerability in the SNMP agent. 
" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-06-26T05:00:00.000Z", + "ID": "CVE-2018-1244", + "STATE": "PUBLIC", + "TITLE": "iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent. " + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iDRAC7", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.60.60.60" + } + ] + } + }, + { + "product_name": "iDRAC8", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "2.60.60.60" + } + ] + } + }, + { + "product_name": "iDRAC9", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "3.21.21.21" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494", - "refsource" : "CONFIRM", - "url" : "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494" - }, - { - "name" : "104964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104964" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command injection vulnerability in the SNMP agent. " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104964" + }, + { + "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494", + "refsource": "CONFIRM", + "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1365.json b/2018/1xxx/CVE-2018-1365.json index cf20ce9ff4e..87fa016f77e 100644 --- a/2018/1xxx/CVE-2018-1365.json +++ b/2018/1xxx/CVE-2018-1365.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1513.json b/2018/1xxx/CVE-2018-1513.json index 6384e3e7f28..66291101e76 100644 --- a/2018/1xxx/CVE-2018-1513.json +++ b/2018/1xxx/CVE-2018-1513.json 
@@ -1,101 +1,101 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-07-18T00:00:00", - "ID" : "CVE-2018-1513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.6" - }, - { - "version_value" : "5.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-07-18T00:00:00", + "ID": "CVE-2018-1513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2.6" + }, + { + "version_value": "5.2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45190", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45190/" - }, - { - "name" : 
"http://www.ibm.com/support/docview.wss?uid=ibm10717031", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10717031" - }, - { - "name" : "104910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104910" - }, - { - "name" : "ibm-sterling-cve20181513-xss(141551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sterling-cve20181513-xss(141551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141551" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10717031", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10717031" + }, + { + "name": "104910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104910" + }, + { + "name": "45190", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45190/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/1xxx/CVE-2018-1672.json b/2018/1xxx/CVE-2018-1672.json index 40b1bfc99a5..d93f3f844f8 100644 --- a/2018/1xxx/CVE-2018-1672.json +++ b/2018/1xxx/CVE-2018-1672.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-25T00:00:00", - "ID" : "CVE-2018-1672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Portal", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "L", - "AC" : "H", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "U", - "SCORE" : "5.000", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-09-25T00:00:00", + "ID": "CVE-2018-1672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Portal", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716981", - "refsource" : "CONFIRM", - "url" : 
"https://www.ibm.com/support/docview.wss?uid=ibm10716981" - }, - { - "name" : "1041766", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041766" - }, - { - "name" : "ibm-websphere-cve20181672-session-fixation(144958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "L", + "AC": "H", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "U", + "SCORE": "5.000", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20181672-session-fixation(144958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958" + }, + { + "name": "1041766", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041766" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10716981", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981" + } + ] + } +} \ No newline at end of file