diff --git a/2004/1xxx/CVE-2004-1392.json b/2004/1xxx/CVE-2004-1392.json
index d09bbf22c34..d0aa2af5851 100644
--- a/2004/1xxx/CVE-2004-1392.json
+++ b/2004/1xxx/CVE-2004-1392.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041027 PHP4 cURL functions bypass open_basedir", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109898213806099&w=2" - }, - { - "name" : "FLSA:2344", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2344" - }, - { - "name" : "RHSA-2005:405", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-405.html" - }, - { - "name" : "RHSA-2005:406", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-406.html" - }, - { - "name" : "20050120 [USN-66-1] PHP vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110625060220934&w=2" - }, - { - "name" : "11557", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/11557" - }, - { - "name" : "oval:org.mitre.oval:def:9279", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9279" - }, - { - "name" : "1011984", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011984" - }, - { - "name" : "php-openbasedir-restriction-bypass(17900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "php-openbasedir-restriction-bypass(17900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17900" + }, + { + "name": "RHSA-2005:406", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-406.html" + }, + { + "name": "11557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11557" + }, + { + "name": "20050120 [USN-66-1] PHP vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110625060220934&w=2" + }, + { + "name": "oval:org.mitre.oval:def:9279", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9279" + }, + { + "name": "FLSA:2344", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2344" + }, + { + "name": "1011984", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011984" + }, + { + "name": "20041027 PHP4 cURL functions bypass 
open_basedir", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109898213806099&w=2" + }, + { + "name": "RHSA-2005:405", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-405.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1822.json b/2004/1xxx/CVE-2004-1822.json index eb43543ea9d..456123edf5f 100644 --- a/2004/1xxx/CVE-2004-1822.json +++ b/2004/1xxx/CVE-2004-1822.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040315 Phorum 5.0.3 Beta && Earlier XSS Issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107939479713136&w=2" - }, - { - "name" : "http://phorum.org/changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://phorum.org/changelog.txt" - }, - { - "name" : "9882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9882" - }, - { - "name" : "4333", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4333" - }, - { - "name" : "4334", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4334" - }, - { - "name" : "4335", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4335" - }, - 
{ - "name" : "1009433", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009433" - }, - { - "name" : "11157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11157" - }, - { - "name" : "phorum-register-xss(15494)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9882" + }, + { + "name": "20040315 Phorum 5.0.3 Beta && Earlier XSS Issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107939479713136&w=2" + }, + { + "name": "4334", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4334" + }, + { + "name": "http://phorum.org/changelog.txt", + "refsource": "CONFIRM", + "url": "http://phorum.org/changelog.txt" + }, + { + "name": "4335", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4335" + }, + { + "name": "phorum-register-xss(15494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15494" + }, + { + "name": "11157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11157" + }, + { + "name": "1009433", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009433" + }, + { + "name": "4333", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4333" + } + ] + } +} \ No newline at 
end of file diff --git a/2004/1xxx/CVE-2004-1848.json b/2004/1xxx/CVE-2004-1848.json index 00ea9511926..a70705c124d 100644 --- a/2004/1xxx/CVE-2004-1848.json +++ b/2004/1xxx/CVE-2004-1848.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040323 How to crash a harddisk - the Ipswitch WS_FTP Server way", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108006717731989&w=2" - }, - { - "name" : "9953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9953" - }, - { - "name" : "4542", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4542" - }, - { - "name" : "11206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11206" - }, - { - "name" : "1009529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009529" - }, - { - "name" : "wsftp-rest-dos(15560)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15560" - }, - { 
- "name" : "wsftp-rest-stor-dos(41831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11206" + }, + { + "name": "9953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9953" + }, + { + "name": "20040323 How to crash a harddisk - the Ipswitch WS_FTP Server way", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108006717731989&w=2" + }, + { + "name": "wsftp-rest-stor-dos(41831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41831" + }, + { + "name": "4542", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4542" + }, + { + "name": "wsftp-rest-dos(15560)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15560" + }, + { + "name": "1009529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009529" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0576.json b/2008/0xxx/CVE-2008-0576.json index d691b3c59c7..e4f488e0387 100644 --- a/2008/0xxx/CVE-2008-0576.json +++ b/2008/0xxx/CVE-2008-0576.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/216062", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/216062" - }, - { - "name" : "ADV-2008-0376", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0376/references" - }, - { - "name" : "28731", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors that write to summary table pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/216062", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/216062" + }, + { + "name": "ADV-2008-0376", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0376/references" + }, + { + "name": "28731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28731" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0766.json b/2008/0xxx/CVE-2008-0766.json index d8005426130..7b4c8d04f0f 100644 --- a/2008/0xxx/CVE-2008-0766.json +++ b/2008/0xxx/CVE-2008-0766.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Manager (RPM) 4.5.1.11 and earlier (Elite and Select) for Windows allows remote attackers to execute arbitrary code via a long filename in a \"Receive data file\" LPD command. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488010/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/rpmlpdbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/rpmlpdbof-adv.txt" - }, - { - "name" : "27742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27742" - }, - { - "name" : "ADV-2008-0501", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0501" - }, - { - "name" : "28905", - "refsource" : "SECUNIA", 
- "url" : "http://secunia.com/advisories/28905" - }, - { - "name" : "rpm-receivedatafile-bo(40432)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Manager (RPM) 4.5.1.11 and earlier (Elite and Select) for Windows allows remote attackers to execute arbitrary code via a long filename in a \"Receive data file\" LPD command. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28905", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28905" + }, + { + "name": "http://aluigi.altervista.org/adv/rpmlpdbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/rpmlpdbof-adv.txt" + }, + { + "name": "27742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27742" + }, + { + "name": "20080212 Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488010/100/0/threaded" + }, + { + "name": "ADV-2008-0501", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0501" + }, + { + "name": "rpm-receivedatafile-bo(40432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40432" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3166.json b/2008/3xxx/CVE-2008-3166.json index d6895892752..f3a3ffdee07 100644 --- a/2008/3xxx/CVE-2008-3166.json +++ b/2008/3xxx/CVE-2008-3166.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6028", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6028" - }, - { - "name" : "ADV-2008-2033", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2033/references" - }, - { - "name" : "30999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30999" - }, - { - "name" : "3994", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3994" - }, - { - "name" : "ray-sincpath-file-include(43644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30999" + }, + { + "name": "3994", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3994" + }, + { + "name": "6028", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6028" + }, + { + "name": "ray-sincpath-file-include(43644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43644" + }, + { + "name": "ADV-2008-2033", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2033/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3178.json b/2008/3xxx/CVE-2008-3178.json index 2a5e36b7425..11819e1c12a 100644 --- a/2008/3xxx/CVE-2008-3178.json +++ b/2008/3xxx/CVE-2008-3178.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6015", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6015" - }, - { - "name" : "30117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30117" - }, - { - "name" : "ADV-2008-2016", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2016/references" - }, - { - "name" : "30948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30948" - }, - { - "name" : "3991", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3991" - }, - { - "name" : "webxelleditor-upload-file-upload(43596)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/43596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3991", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3991" + }, + { + "name": "ADV-2008-2016", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2016/references" + }, + { + "name": "30948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30948" + }, + { + "name": "webxelleditor-upload-file-upload(43596)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43596" + }, + { + "name": "30117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30117" + }, + { + "name": "6015", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6015" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3563.json b/2008/3xxx/CVE-2008-3563.json index db2b1da67df..a8792b48904 100644 --- a/2008/3xxx/CVE-2008-3563.json +++ b/2008/3xxx/CVE-2008-3563.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080805 Plogger <= 3.0 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495116/100/0/threaded" - }, - { - "name" : "6204", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6204" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00121-08042008", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00121-08042008" - }, - { - "name" : "http://dev.plogger.org/changeset/569", - 
"refsource" : "CONFIRM", - "url" : "http://dev.plogger.org/changeset/569" - }, - { - "name" : "30547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30547" - }, - { - "name" : "4121", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4121" - }, - { - "name" : "plogger-plogdownload-sql-injection(44233)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4121", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4121" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00121-08042008", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00121-08042008" + }, + { + "name": "20080805 Plogger <= 3.0 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495116/100/0/threaded" + }, + { + "name": "http://dev.plogger.org/changeset/569", + "refsource": "CONFIRM", + "url": "http://dev.plogger.org/changeset/569" + }, + { + "name": "6204", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6204" + }, + { + "name": "30547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30547" + }, + { + "name": "plogger-plogdownload-sql-injection(44233)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44233" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3663.json b/2008/3xxx/CVE-2008-3663.json index 7f2707c4dd3..3d332a960ac 100644 --- a/2008/3xxx/CVE-2008-3663.json +++ b/2008/3xxx/CVE-2008-3663.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496601/100/0/threaded" - }, - { - "name" : "http://int21.de/cve/CVE-2008-3663-squirrelmail.html", - "refsource" : "MISC", - "url" : "http://int21.de/cve/CVE-2008-3663-squirrelmail.html" - }, - { - "name" : "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html", - "refsource" : "CONFIRM", - "url" : "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html" - }, - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : 
"APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "SUSE-SR:2008:028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "31321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31321" - }, - { - "name" : "oval:org.mitre.oval:def:10548", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - }, - { - "name" : "4304", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4304" - }, - { - "name" : "squirrelmail-cookie-session-hijacking(45700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html", + "refsource": "CONFIRM", + "url": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html" + }, + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html", + "refsource": "MISC", + "url": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html" + }, + { + "name": "31321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31321" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "4304", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4304" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496601/100/0/threaded" + }, + { + "name": "squirrelmail-cookie-session-hijacking(45700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "SUSE-SR:2008:028", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:10548", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548" + } + ] + } +} \ No newline at end of 
file
diff --git a/2008/3xxx/CVE-2008-3677.json b/2008/3xxx/CVE-2008-3677.json
index b128adfc06a..8457c837e61 100644
--- a/2008/3xxx/CVE-2008-3677.json
+++ b/2008/3xxx/CVE-2008-3677.json
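Review bot: The rewritten CVE-2008-3663.json ends without a trailing newline (the `\ No newline at end of file` marker follows the closing `+}`), while the old side ended with one; the later files in this diff (CVE-2008-3677, -3915, -4126, -4412, -4479, -4876, -6027) show the same marker. The `reference_data` entries are also emitted in a different order although no entry is added or removed in this hunk, so a reader has to compare the twelve references by hand to confirm the record's content is unchanged. If the generator serialised the array in a stable order and wrote a final newline, a formatting-only sync would show just the `" : "` to `": "` spacing and indentation change.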
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=619467", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=619467" - }, - { - "name" : "30676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30676" - }, - { - "name" : "31475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31475" - }, - { - "name" : "freeway-unspecified-file-include(44426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal 
vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freeway-unspecified-file-include(44426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44426" + }, + { + "name": "31475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31475" + }, + { + "name": "30676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30676" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=619467", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=619467" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3915.json b/2008/3xxx/CVE-2008-3915.json index aa4fd5ace85..cbbf3a02d6b 100644 --- a/2008/3xxx/CVE-2008-3915.json +++ b/2008/3xxx/CVE-2008-3915.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20080903 [patch 05/16] nfsd: fix buffer overrun decoding NFSv4 acl", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2008/9/3/286" - }, - { - "name" : "[oss-security] 20080904 CVE request: kernel: nfsd: fix buffer overrun decoding NFSv4 acl", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/04/4" - }, - { - "name" : "[oss-security] 20080904 Re: CVE request: kernel: nfsd: fix buffer overrun decoding NFSv4 acl", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/04/18" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=91b80969ba466ba4b915a4a1d03add8c297add3f", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=91b80969ba466ba4b915a4a1d03add8c297add3f" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=461101", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=461101" - }, - { - "name" : "DSA-1636", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1636" - }, - { - "name" : "RHSA-2008:0857", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0857.html" - }, - { - "name" : "USN-659-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-659-1" - }, - { - "name" : "31133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31133" - }, - { - "name" : "31881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31881" - }, - { - "name" : "32190", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32190" - }, - { - "name" : "32393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32393" - }, - { - "name" : "linux-kernel-nfsv4-bo(45055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20080904 CVE request: kernel: nfsd: fix buffer overrun decoding NFSv4 acl", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/04/4" + }, + { + "name": "[oss-security] 20080904 Re: CVE request: kernel: nfsd: fix buffer overrun decoding NFSv4 acl", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/04/18" + }, + { + "name": "32190", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32190" + }, + { + "name": "32393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32393" + }, + { + "name": "DSA-1636", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1636" + }, + { + "name": "31881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31881" + }, + { + "name": "USN-659-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-659-1" + }, + { + "name": "[linux-kernel] 20080903 [patch 05/16] nfsd: fix buffer overrun decoding NFSv4 acl", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2008/9/3/286" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=91b80969ba466ba4b915a4a1d03add8c297add3f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=91b80969ba466ba4b915a4a1d03add8c297add3f" + }, + { + "name": "RHSA-2008:0857", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4" + }, + { + "name": "31133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31133" + }, + { + 
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=461101", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461101" + }, + { + "name": "linux-kernel-nfsv4-bo(45055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45055" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4126.json b/2008/4xxx/CVE-2008-4126.json index a3d60beb327..dc217f2d0ee 100644 --- a/2008/4xxx/CVE-2008-4126.json +++ b/2008/4xxx/CVE-2008-4126.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080911 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/11/1" - }, - { - "name" : "[oss-security] 20080915 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/16/4" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217" - }, 
- { - "name" : "http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog" + }, + { + "name": "[oss-security] 20080911 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/11/1" + }, + { + "name": "[oss-security] 20080915 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/16/4" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4412.json b/2008/4xxx/CVE-2008-4412.json index 9f5282f0f65..403d152433f 100644 --- a/2008/4xxx/CVE-2008-4412.json +++ b/2008/4xxx/CVE-2008-4412.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02378", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01571962" - }, - { - "name" : "SSRT080035", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01571962" - }, - { - "name" : "31777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31777" - }, - { - "name" : "ADV-2008-2836", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2836" - }, - { - "name" : "1021064", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021064" - }, - { - "name" : "32287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32287" - }, - { - "name" : 
"hp-sim-unspecified-security-bypass(45916)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021064", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021064" + }, + { + "name": "HPSBMA02378", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01571962" + }, + { + "name": "32287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32287" + }, + { + "name": "hp-sim-unspecified-security-bypass(45916)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45916" + }, + { + "name": "SSRT080035", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01571962" + }, + { + "name": "ADV-2008-2836", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2836" + }, + { + "name": "31777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31777" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4479.json b/2008/4xxx/CVE-2008-4479.json index ffc5f54964d..2095489a418 100644 --- a/2008/4xxx/CVE-2008-4479.json +++ b/2008/4xxx/CVE-2008-4479.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081008 ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497164/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-064", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-064" - }, - { - "name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953", - "refsource" : "CONFIRM", - "url" : 
"http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html" - }, - { - "name" : "ADV-2008-2738", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2738" - }, - { - "name" : "1020989", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020989" - }, - { - "name" : "32111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32111" - }, - { - "name" : "4405", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953" + }, + { + "name": "1020989", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020989" + }, + { + "name": "ADV-2008-2738", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2738" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-064", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-064" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html" + }, + { + "name": "20081008 ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497164/100/0/threaded" + }, + { + "name": "32111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32111" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html" + }, + { + "name": "4405", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4405" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4876.json b/2008/4xxx/CVE-2008-4876.json index 5ea7a29e055..37c6e2b7d58 100644 
--- a/2008/4xxx/CVE-2008-4876.json
+++ b/2008/4xxx/CVE-2008-4876.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080214 Philips VOIP841 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488127/100/200/threaded" - }, - { - "name" : "5113", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5113" - }, - { - "name" : "27790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27790" - }, - { - "name" : "ADV-2008-0583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0583" - }, - { - "name" : "28978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28978" - }, - { - "name" : "4536", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/4536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5113", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5113" + }, + { + "name": "28978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28978" + }, + { + "name": "27790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27790" + }, + { + "name": "ADV-2008-0583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0583" + }, + { + "name": "20080214 Philips VOIP841 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488127/100/200/threaded" + }, + { + "name": "4536", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4536" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6027.json b/2008/6xxx/CVE-2008-6027.json index 2ac1dcc8e8a..bb542a2be4c 100644 --- a/2008/6xxx/CVE-2008-6027.json +++ b/2008/6xxx/CVE-2008-6027.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in BLUEPAGE CMS 2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) whl, (2) var_1, and (3) search parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080921 [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496582/100/0/threaded" - }, - { - "name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls53", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls53" - }, - { - "name" : "31312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31312" - }, - { - "name" : "31968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31968" - }, - { - "name" : "bluepagecms-index-xss(45321)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in BLUEPAGE CMS 2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) whl, (2) var_1, and (3) search parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31968" + }, + { + "name": "31312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31312" + }, + { + "name": "20080921 [MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496582/100/0/threaded" + }, + { + "name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls53", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls53" + }, + { + "name": "bluepagecms-index-xss(45321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45321" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6905.json b/2008/6xxx/CVE-2008-6905.json index d7151fbc93a..e3aef8de3f5 100644 --- a/2008/6xxx/CVE-2008-6905.json +++ b/2008/6xxx/CVE-2008-6905.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7475", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7475" - }, - { - "name" : "50721", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50721" - }, - { - "name" : "33174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33174" - }, - { - "name" : "babbleboard-index-csrf(47396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in 
index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33174" + }, + { + "name": "50721", + "refsource": "OSVDB", + "url": "http://osvdb.org/50721" + }, + { + "name": "7475", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7475" + }, + { + "name": "babbleboard-index-csrf(47396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47396" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7269.json b/2008/7xxx/CVE-2008-7269.json index 67987ec95eb..3745a7d78b3 100644 --- a/2008/7xxx/CVE-2008-7269.json +++ b/2008/7xxx/CVE-2008-7269.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081023 SiteEngine 5.x Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497747/100/0/threaded" - }, - { - "name" : "6823", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6823" - }, - { - "name" : "31888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing 
attacks via a URL in the forward parameter in a logout action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6823", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6823" + }, + { + "name": "20081023 SiteEngine 5.x Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497747/100/0/threaded" + }, + { + "name": "31888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31888" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2191.json b/2013/2xxx/CVE-2013-2191.json index 9091fe07612..a0d0a64c4f2 100644 --- a/2013/2xxx/CVE-2013-2191.json +++ b/2013/2xxx/CVE-2013-2191.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130619 [CVE identifier assignment notification] CVE-2013-2191 python-bugzilla: Does not verify Bugzilla server certificate", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/06/19/6" - }, - { - "name" : "[python-bugzilla] 20130619 ANNOUNCE: python-bugzilla 0.9.0 released", - "refsource" : "MLIST", - "url" : "https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=951594", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=951594" - }, - { - "name" : "https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef", - "refsource" : "CONFIRM", 
- "url" : "https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef" - }, - { - "name" : "openSUSE-SU-2013:1154", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html" - }, - { - "name" : "openSUSE-SU-2013:1155", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130619 [CVE identifier assignment notification] CVE-2013-2191 python-bugzilla: Does not verify Bugzilla server certificate", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/06/19/6" + }, + { + "name": "openSUSE-SU-2013:1155", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html" + }, + { + "name": "https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef", + "refsource": "CONFIRM", + "url": "https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef" + }, + { + "name": "openSUSE-SU-2013:1154", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=951594", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=951594" + }, + { + "name": "[python-bugzilla] 20130619 ANNOUNCE: python-bugzilla 0.9.0 released", + "refsource": 
"MLIST", + "url": "https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2285.json b/2013/2xxx/CVE-2013-2285.json index 909bf686d26..9cb3cff1ab8 100644 --- a/2013/2xxx/CVE-2013-2285.json +++ b/2013/2xxx/CVE-2013-2285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2285", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2285", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2880.json b/2013/2xxx/CVE-2013-2880.json index cb6b785ed24..535505ea344 100644 --- a/2013/2xxx/CVE-2013-2880.json +++ b/2013/2xxx/CVE-2013-2880.json 
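Review bot: In the CVE-2013-2191 hunk `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com`, a data change inside what is otherwise a whitespace and ordering rewrite of the record. The CVE-2013-2880 hunk (`security@google.com`) and the CVE-2013-6021 hunk (`cert@cert.org`) make the same kind of change, while the other records keep `cve@mitre.org`. Any consumer that attributes or routes records by assigner would see these entries move, and the edit is easy to miss among the reformatted lines. It would be easier to verify as its own commit, separate from the formatting normalization, with a message naming the source of the new assigner value.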
@@ -1,262 +1,262 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=160450", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=160450" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=167924", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=167924" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=173688", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=173688" - }, - { - "name" 
: "https://code.google.com/p/chromium/issues/detail?id=176027", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=176027" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=176676", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=176676" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=177215", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=177215" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=177688", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=177688" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=178264", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=178264" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=178266", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=178266" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=179653", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=179653" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=187243", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=187243" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=189084", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=189084" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=189090", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=189090" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=196570", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=196570" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=222852", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=222852" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=223482", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=223482" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=223772", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=223772" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=225798", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=225798" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=226091", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=226091" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=227157", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=227157" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=230726", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=230726" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=235732", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=235732" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=236269", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=236269" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=236556", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=236556" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=236845", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=236845" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=237263", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=237263" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=239411", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=239411" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=240055", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=240055" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=240449", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=240449" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=240961", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=240961" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=242023", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=242023" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=242786", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=242786" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=242931", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=242931" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=243045", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=243045" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=243875", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=243875" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=243881", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=243881" - }, - { - "name" : 
"https://code.google.com/p/chromium/issues/detail?id=246240", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=246240" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=256985", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=256985" - }, - { - "name" : "DSA-2724", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2724" - }, - { - "name" : "oval:org.mitre.oval:def:17281", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=236845", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=236845" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=256985", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=256985" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=242023", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=242023" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=196570", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=196570" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=243875", + "refsource": "CONFIRM", + "url": 
"https://code.google.com/p/chromium/issues/detail?id=243875" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=226091", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=226091" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=179653", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=179653" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=187243", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=187243" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=240055", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=240055" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=178266", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=178266" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=243881", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=243881" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=173688", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=173688" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=176027", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=176027" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=223772", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=223772" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=239411", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=239411" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=240961", + "refsource": "CONFIRM", + "url": 
"https://code.google.com/p/chromium/issues/detail?id=240961" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=235732", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=235732" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=177688", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=177688" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=230726", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=230726" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=246240", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=246240" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=227157", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=227157" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=240449", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=240449" + }, + { + "name": "oval:org.mitre.oval:def:17281", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17281" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=242931", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=242931" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=242786", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=242786" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=160450", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=160450" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=167924", + "refsource": "CONFIRM", + "url": 
"https://code.google.com/p/chromium/issues/detail?id=167924" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=178264", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=178264" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=189090", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=189090" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=177215", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=177215" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=243045", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=243045" + }, + { + "name": "DSA-2724", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2724" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=223482", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=223482" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=237263", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=237263" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=189084", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=189084" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=222852", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=222852" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=236269", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=236269" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=236556", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=236556" + }, + { + "name": 
"http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=176676", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=176676" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=225798", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=225798" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6021.json b/2013/6xxx/CVE-2013-6021.json index 74288f66f8f..1587cd323b6 100644 --- a/2013/6xxx/CVE-2013-6021.json +++ b/2013/6xxx/CVE-2013-6021.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-6021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "29273", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/29273" - }, - { - "name" : "https://funoverip.net/2013/10/watchguard-cve-2013-6021-stack-based-buffer-overflow-exploit/", - "refsource" : "MISC", - "url" : "https://funoverip.net/2013/10/watchguard-cve-2013-6021-stack-based-buffer-overflow-exploit/" - }, - { - "name" : "http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8/", - "refsource" : "CONFIRM", - "url" : "http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8/" - }, - { - "name" : "http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes/", - "refsource" : "CONFIRM", - "url" : 
"http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes/" - }, - { - "name" : "VU#233990", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/233990" - }, - { - "name" : "63227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63227" - }, - { - "name" : "98752", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://funoverip.net/2013/10/watchguard-cve-2013-6021-stack-based-buffer-overflow-exploit/", + "refsource": "MISC", + "url": "https://funoverip.net/2013/10/watchguard-cve-2013-6021-stack-based-buffer-overflow-exploit/" + }, + { + "name": "29273", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/29273" + }, + { + "name": "98752", + "refsource": "OSVDB", + "url": "http://osvdb.org/98752" + }, + { + "name": "http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes/", + "refsource": "CONFIRM", + "url": "http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes/" + }, + { + "name": "http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8/", + "refsource": "CONFIRM", + "url": "http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8/" + }, + { + "name": "63227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63227" + }, + { + "name": "VU#233990", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/233990" + } + ] + } +} \ No newline at end of file 
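Review bot: The `"ASSIGNER"` value changes from `cve@mitre.org` to `cert@cert.org` in this hunk, which otherwise only rewrites `" : "` to `": "` and reorders the `reference_data` entries; the CVE-2013-6032 hunk makes the same change. A provenance field changing inside a formatting rewrite is easy to miss in review, so it belongs in its own commit or should at least be named in the commit message. Both records carry a CERT-VN reference, so the new value looks plausible, but that is inferred from the references and not stated anywhere on the page. Writing `reference_data` in a stable order would also keep later diffs limited to real content changes.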
diff --git a/2013/6xxx/CVE-2013-6032.json b/2013/6xxx/CVE-2013-6032.json index c831aeff45e..536785e4f1b 100644 --- a/2013/6xxx/CVE-2013-6032.json +++ b/2013/6xxx/CVE-2013-6032.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-6032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.lexmark.com/index?page=content&id=TE586", - "refsource" : "CONFIRM", - "url" : "http://support.lexmark.com/index?page=content&id=TE586" - }, - { - "name" : "VU#108062", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/108062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#108062", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/108062" + }, + { + "name": "http://support.lexmark.com/index?page=content&id=TE586", + "refsource": "CONFIRM", + "url": "http://support.lexmark.com/index?page=content&id=TE586" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6063.json b/2013/6xxx/CVE-2013-6063.json index ded1a2198a3..48a6d45e58c 100644 --- a/2013/6xxx/CVE-2013-6063.json +++ b/2013/6xxx/CVE-2013-6063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6092.json b/2013/6xxx/CVE-2013-6092.json index d2f6ed70cfe..320a6833cd4 100644 --- a/2013/6xxx/CVE-2013-6092.json +++ b/2013/6xxx/CVE-2013-6092.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6092", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6092", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6111.json b/2013/6xxx/CVE-2013-6111.json index 5ce93cea755..7dccebbebf1 100644 --- a/2013/6xxx/CVE-2013-6111.json +++ b/2013/6xxx/CVE-2013-6111.json 
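Review bot: The new side of this record puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while the other records in this diff (CVE-2013-6063, for example) keep `CVE_data_meta` first with `ASSIGNER` before `ID`. CVE-2013-6578 is reordered the same way. Key order carries no meaning in JSON, but two layouts in one repository add noise to record-to-record diffs and to any hash taken over the raw file. It may also mean the REJECT records come from a different serializer than the rest, which is a guess from the layout alone. Emitting every record with one fixed key order would remove the difference.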
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 through 1.6.29.6 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://groups.google.com/d/msg/mod-pagespeed-announce/oo015UHRxMc/JcAuf1hE8L8J", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/d/msg/mod-pagespeed-announce/oo015UHRxMc/JcAuf1hE8L8J" - }, - { - "name" : "99081", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/99081" - }, - { - "name" : "1029262", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029262" - }, - { - "name" : "55429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 through 1.6.29.6 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55429" + }, + { + "name": "99081", + "refsource": "OSVDB", + "url": "http://osvdb.org/99081" + }, + { + "name": "https://groups.google.com/d/msg/mod-pagespeed-announce/oo015UHRxMc/JcAuf1hE8L8J", + "refsource": "CONFIRM", + "url": "https://groups.google.com/d/msg/mod-pagespeed-announce/oo015UHRxMc/JcAuf1hE8L8J" + }, + { + "name": "1029262", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029262" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6578.json b/2013/6xxx/CVE-2013-6578.json index 18f51c2c521..ab4eb9a40eb 100644 --- a/2013/6xxx/CVE-2013-6578.json +++ b/2013/6xxx/CVE-2013-6578.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6578", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6578", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7024.json b/2013/7xxx/CVE-2013-7024.json index 16abc2d6977..9f31d291b73 100644 --- a/2013/7xxx/CVE-2013-7024.json +++ b/2013/7xxx/CVE-2013-7024.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/11/26/7" - }, - { - "name" : "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/12/08/3" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9" - }, - { - "name" : "https://trac.ffmpeg.org/ticket/2921", - "refsource" : "CONFIRM", - "url" : "https://trac.ffmpeg.org/ticket/2921" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + }, + { + "name": "https://trac.ffmpeg.org/ticket/2921", + "refsource": "CONFIRM", + "url": "https://trac.ffmpeg.org/ticket/2921" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/12/08/3" + }, + { + "name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/11/26/7" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/7xxx/CVE-2013-7324.json b/2013/7xxx/CVE-2013-7324.json index 20567de7f42..d5c0e3918bb 100644 --- a/2013/7xxx/CVE-2013-7324.json +++ b/2013/7xxx/CVE-2013-7324.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7324", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7324", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10050.json b/2017/10xxx/CVE-2017-10050.json index 0a600984d60..2e24b1f4f48 100644 --- a/2017/10xxx/CVE-2017-10050.json +++ b/2017/10xxx/CVE-2017-10050.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Hospitality Suite8", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.10.1" - }, - { - "version_affected" : "=", - "version_value" : "8.10.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Suite8", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.10.1" + }, + { + "version_affected": "=", + "version_value": "8.10.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Suite8, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101363" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10194.json b/2017/10xxx/CVE-2017-10194.json index 1072bf56a86..f5380c4b3b4 100644 --- a/2017/10xxx/CVE-2017-10194.json +++ b/2017/10xxx/CVE-2017-10194.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-10194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SSM - (hot-tamale) ILOM: Integrated Lights Out Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "3.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-10194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SSM - (hot-tamale) ILOM: Integrated Lights Out Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "101445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Integrated Lights Out Manager (ILOM) accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "101445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101445" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10449.json b/2017/10xxx/CVE-2017-10449.json index b494a8317f6..8dd87b3052b 100644 --- a/2017/10xxx/CVE-2017-10449.json +++ b/2017/10xxx/CVE-2017-10449.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10552.json b/2017/10xxx/CVE-2017-10552.json index ea3509b520a..da81718c8f8 100644 --- a/2017/10xxx/CVE-2017-10552.json +++ b/2017/10xxx/CVE-2017-10552.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10552", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10552", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10584.json b/2017/10xxx/CVE-2017-10584.json index 61431edeb55..7ab6b446de7 100644 --- a/2017/10xxx/CVE-2017-10584.json +++ b/2017/10xxx/CVE-2017-10584.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10584", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10584", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14057.json b/2017/14xxx/CVE-2017-14057.json index cd01d63604d..ae0664de422 100644 --- a/2017/14xxx/CVE-2017-14057.json +++ b/2017/14xxx/CVE-2017-14057.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large \"name_len\" or \"count\" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" - }, - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329" - }, - { - "name" : "DSA-3996", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2017/dsa-3996" - }, - { - "name" : "100630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large \"name_len\" or \"count\" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100630" + }, + { + "name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329" + }, + { + "name": "DSA-3996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3996" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14975.json b/2017/14xxx/CVE-2017-14975.json index 300f327a4a5..03c265ae6ac 100644 --- a/2017/14xxx/CVE-2017-14975.json +++ b/2017/14xxx/CVE-2017-14975.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html" - }, - { - "name" : "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653" - }, - { - "name" : "DSA-4079", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FoFiType1C::convertToType0 function in 
FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653", + "refsource": "CONFIRM", + "url": "https://bugzilla.freedesktop.org/show_bug.cgi?id=102653" + }, + { + "name": "DSA-4079", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4079" + }, + { + "name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15456.json b/2017/15xxx/CVE-2017-15456.json index 7c54483d687..a63cafced67 100644 --- a/2017/15xxx/CVE-2017-15456.json +++ b/2017/15xxx/CVE-2017-15456.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15456", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15456", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15902.json b/2017/15xxx/CVE-2017-15902.json index 531b8e4ce87..563ef7b0b83 100644 --- a/2017/15xxx/CVE-2017-15902.json +++ b/2017/15xxx/CVE-2017-15902.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15935.json b/2017/15xxx/CVE-2017-15935.json index 4b671b1b41b..bed5dc7b65a 100644 --- a/2017/15xxx/CVE-2017-15935.json +++ b/2017/15xxx/CVE-2017-15935.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d", - "refsource" : "MISC", - "url" : "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d", + "refsource": "MISC", + "url": "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17808.json b/2017/17xxx/CVE-2017-17808.json index 1b613aaa492..b27a11dfcc3 100644 --- a/2017/17xxx/CVE-2017-17808.json +++ b/2017/17xxx/CVE-2017-17808.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17808", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17808", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9454.json b/2017/9xxx/CVE-2017-9454.json index 1591b7564ed..c27067100b2 100644 --- a/2017/9xxx/CVE-2017-9454.json +++ b/2017/9xxx/CVE-2017-9454.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security] 20170806 ares_parse_a_reply out-of-bounds read (CVE=2017-9454)", - "refsource" : "MLIST", - "url" : "https://list.resiprocate.org/archive/resiprocate-users/msg02700.html" - }, - { - "name" : "https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df", - "refsource" : "CONFIRM", - "url" : "https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows 
remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df", + "refsource": "CONFIRM", + "url": "https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df" + }, + { + "name": "[security] 20170806 ares_parse_a_reply out-of-bounds read (CVE=2017-9454)", + "refsource": "MLIST", + "url": "https://list.resiprocate.org/archive/resiprocate-users/msg02700.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9713.json b/2017/9xxx/CVE-2017-9713.json index 9dc3e662d1d..1d815b5ba92 100644 --- a/2017/9xxx/CVE-2017-9713.json +++ b/2017/9xxx/CVE-2017-9713.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9713", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9713", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/9xxx/CVE-2017-9774.json b/2017/9xxx/CVE-2017-9774.json index 110c9ef5f7d..607c74b29ec 100644 --- a/2017/9xxx/CVE-2017-9774.json +++ b/2017/9xxx/CVE-2017-9774.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lists.horde.org/archives/announce/2017/001234.html", - "refsource" : "CONFIRM", - "url" : "https://lists.horde.org/archives/announce/2017/001234.html" - }, - { - "name" : "DSA-4276", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lists.horde.org/archives/announce/2017/001234.html", + "refsource": "CONFIRM", + "url": "https://lists.horde.org/archives/announce/2017/001234.html" + }, + { + "name": "DSA-4276", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4276" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9869.json b/2017/9xxx/CVE-2017-9869.json index facea727434..7f30212ff86 100644 --- a/2017/9xxx/CVE-2017-9869.json +++ b/2017/9xxx/CVE-2017-9869.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42258", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42258/" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/" - }, - { - "name" : "99272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 
3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99272" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/" + }, + { + "name": "42258", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42258/" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0944.json b/2018/0xxx/CVE-2018-0944.json index 76d7aeb74c9..8b72da4ab2f 100644 --- a/2018/0xxx/CVE-2018-0944.json +++ b/2018/0xxx/CVE-2018-0944.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2018-0944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2018-0944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0944", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0944" - }, - { - "name" : "103304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103304" - }, - { - "name" : "1040513", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0944", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0944" + }, + { + "name": "103304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103304" + }, + { + "name": "1040513", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040513" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000041.json b/2018/1000xxx/CVE-2018-1000041.json index c229c03dac9..08a6c36d051 100644 --- a/2018/1000xxx/CVE-2018-1000041.json +++ b/2018/1000xxx/CVE-2018-1000041.json 
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "1/11/2018 14:07:39", - "ID" : "CVE-2018-1000041", - "REQUESTER" : "alexbirsan@intigriti.me", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "librsvg", - "version" : { - "version_data" : [ - { - "version_value" : "before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea" - } - ] - } - } - ] - }, - "vendor_name" : "GNOME" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper input validation" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "1/11/2018 14:07:39", + "ID": "CVE-2018-1000041", + "REQUESTER": "alexbirsan@intigriti.me", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180212 [SECURITY] [DLA 1278-1] librsvg security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00013.html" - }, - { - "name" : "https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea", - "refsource" : "CONFIRM", - "url" : "https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea" - }, - { - "name" : "https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd" + }, + { + "name": "https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea", + "refsource": "CONFIRM", + "url": "https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea" + }, + { + "name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1278-1] librsvg security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000042.json b/2018/1000xxx/CVE-2018-1000042.json index bf4ce3e2a90..10bc5b5e7d9 100644 --- a/2018/1000xxx/CVE-2018-1000042.json +++ b/2018/1000xxx/CVE-2018-1000042.json 
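Review bot: The new side of CVE-2018-1000041.json replaces the structured `affects` values (`"product_name": "librsvg"`, `"vendor_name": "GNOME"`, and the `version_value` commit bound) and the `problemtype` value `"Improper input validation"` with `"n/a"`, which leaves the free-text description as the only place the product and weakness class are recorded. It also rewrites `ASSIGNER` from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`, while every other hunk visible here only changes whitespace or ordering, so this looks like an unintended side effect of a bulk reformat rather than a deliberate edit. Vulnerability scanners and asset-matching tools that key on vendor, product or problem type will stop associating this record with librsvg. The CVE-2018-1000042.json hunk has the same regression: it loses `"product_name": "Squert"`, `"vendor_name": "Security Onion Solutions"`, `"version_value": "1.3.0 through 1.6.7"` and the CWE-78 `problemtype`. If the data loss is not intended, restore the previous values on the new side, e.g. `"product_name": "librsvg"` and `"vendor_name": "GNOME"`, and keep the original `problemtype` strings.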
@@ -1,64 +1,64 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
- "DATE_ASSIGNED" : "1/31/2018 20:29:42",
- "ID" : "CVE-2018-1000042",
- "REQUESTER" : "medsgerj@gmail.com",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Squert",
- "version" : {
- "version_data" : [
- {
- "version_value" : "1.3.0 through 1.6.7"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Security Onion Solutions"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "DATE_ASSIGNED": "1/31/2018 20:29:42",
+ "ID": "CVE-2018-1000042",
+ "REQUESTER": "medsgerj@gmail.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html",
- "refsource" : "CONFIRM",
- "url" : "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html",
+ "refsource": "CONFIRM",
+ "url": "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
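Review bot: The new side of CVE-2018-1000042.json replaces populated structured fields with `n/a`: `product_name` was `Squert`, `version_value` was `1.3.0 through 1.6.7`, `vendor_name` was `Security Onion Solutions`, and the `problemtype` value was the CWE-78 string, so the affected product and weakness class now survive only in the free-text description. Tooling that matches records on `affects` or `problemtype` instead of parsing prose will no longer associate this entry with Squert. The hunk also changes `ASSIGNER` from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`, which reads as a data change riding along with a formatting pass and should be confirmed as intended. I would carry the old values over in the new formatting, e.g. `"product_name": "Squert",` and `"version_value": "1.3.0 through 1.6.7"`. The CVE-2018-1000119 hunk loses `rack-protection`, `Sinatra`, both version values and `CWE-208` in the same way, and the visible tail of the CVE-2018-1000041 hunk drops `Improper input validation` from `problemtype`.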
diff --git a/2018/1000xxx/CVE-2018-1000119.json b/2018/1000xxx/CVE-2018-1000119.json index 64ba798c22c..3ef290e800c 100644 --- a/2018/1000xxx/CVE-2018-1000119.json +++ b/2018/1000xxx/CVE-2018-1000119.json 
@@ -1,82 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "3/6/2018 21:59:48", - "ID" : "CVE-2018-1000119", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rack-protection", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.0.rc3 and earlier" - }, - { - "version_value" : "1.5.4 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Sinatra" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-208" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "3/6/2018 21:59:48", + "ID": "CVE-2018-1000119", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sinatra/rack-protection/pull/98", - "refsource" : "CONFIRM", - "url" : "https://github.com/sinatra/rack-protection/pull/98" - }, - { - "name" : "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109", - "refsource" : "CONFIRM", - "url" : "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109" - }, - { - "name" : "DSA-4247", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4247" - }, - { - "name" : "RHSA-2018:1060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sinatra/rack-protection/pull/98", + "refsource": "CONFIRM", + "url": "https://github.com/sinatra/rack-protection/pull/98" + }, + { + "name": "RHSA-2018:1060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1060" + }, + { + "name": "DSA-4247", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4247" + }, + { + "name": "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109", + "refsource": "CONFIRM", + "url": "https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16047.json b/2018/16xxx/CVE-2018-16047.json index 5900bfe1e29..85d7f553908 100644 --- a/2018/16xxx/CVE-2018-16047.json +++ b/2018/16xxx/CVE-2018-16047.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16184.json b/2018/16xxx/CVE-2018-16184.json index 0c5d0425f63..e29b5ff0677 100644 --- a/2018/16xxx/CVE-2018-16184.json +++ b/2018/16xxx/CVE-2018-16184.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RICOH Interactive Whiteboard", - "version" : { - "version_data" : [ - { - "version_value" : "D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400)" - } - ] - } - } - ] - }, - "vendor_name" : "RICOH COMPANY, LTD." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RICOH Interactive Whiteboard", + "version": { + "version_data": [ + { + "version_value": "D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400)" + } + ] + } + } + ] + }, + "vendor_name": "RICOH COMPANY, LTD." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ricoh.com/info/2018/1127_1.html", - "refsource" : "MISC", - "url" : "https://www.ricoh.com/info/2018/1127_1.html" - }, - { - "name" : "JVN#55263945", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN55263945/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#55263945", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN55263945/index.html" + }, + { + "name": "https://www.ricoh.com/info/2018/1127_1.html", + "refsource": "MISC", + "url": "https://www.ricoh.com/info/2018/1127_1.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16705.json b/2018/16xxx/CVE-2018-16705.json index 90dc48406f9..a2774372ea8 100644 --- a/2018/16xxx/CVE-2018-16705.json +++ b/2018/16xxx/CVE-2018-16705.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cyberskr.com/blog/furuno-felcom.html", - "refsource" : "MISC", - "url" : "https://cyberskr.com/blog/furuno-felcom.html" - }, - { - "name" : "https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31", - "refsource" : "MISC", - "url" : "https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. 
This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cyberskr.com/blog/furuno-felcom.html", + "refsource": "MISC", + "url": "https://cyberskr.com/blog/furuno-felcom.html" + }, + { + "name": "https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31", + "refsource": "MISC", + "url": "https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19076.json b/2018/19xxx/CVE-2018-19076.json index a9bf4f293f4..c1f2b6f8aea 100644 --- a/2018/19xxx/CVE-2018-19076.json +++ b/2018/19xxx/CVE-2018-19076.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", - "refsource" : "MISC", - "url" : "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application 
Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt", + "refsource": "MISC", + "url": "https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19479.json b/2018/19xxx/CVE-2018-19479.json index 9097072c3bf..ce196980c05 100644 --- a/2018/19xxx/CVE-2018-19479.json +++ b/2018/19xxx/CVE-2018-19479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19510.json b/2018/19xxx/CVE-2018-19510.json index 8531c4bfc66..ffc54d6c660 100644 
--- a/2018/19xxx/CVE-2018-19510.json
+++ b/2018/19xxx/CVE-2018-19510.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19510",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html",
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2019/Jan/15",
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2019/Jan/15"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19911.json b/2018/19xxx/CVE-2018-19911.json
index b010c6569cc..b1997ffc1fe 100644
--- a/2018/19xxx/CVE-2018-19911.json
+++ b/2018/19xxx/CVE-2018-19911.json
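Review bot: CVE-2018-19510.json moves to `PUBLIC` with every structured field left as `n/a`, although the added description already names the product and version range (Webgalamb through 7.0) and the weakness class (SQL injection). Consumers that match on `affects` or `problemtype` will not pick this record up; filling in `"product_name": "Webgalamb"`, `"version_value": "through 7.0"` and a problemtype value such as `"value": "CWE-89"` would make it matchable, with `vendor_name` left as `n/a` because the description names no vendor. The two added references also order their keys `url`, `refsource`, `name`, while the other records in this diff use `name`, `refsource`, `url`; key order carries no meaning in JSON, but one order across the repository avoids later reorder-only churn.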
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/iSafeBlue/freeswitch_rce/blob/master/README-en.md", - "refsource" : "MISC", - "url" : "https://github.com/iSafeBlue/freeswitch_rce/blob/master/README-en.md" - }, - { - "name" : "https://github.com/iSafeBlue/freeswitch_rce/blob/master/freeswitch_rce.py", - "refsource" : "MISC", - "url" : "https://github.com/iSafeBlue/freeswitch_rce/blob/master/freeswitch_rce.py" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/iSafeBlue/freeswitch_rce/blob/master/freeswitch_rce.py", + "refsource": "MISC", + "url": "https://github.com/iSafeBlue/freeswitch_rce/blob/master/freeswitch_rce.py" + }, + { + "name": "https://github.com/iSafeBlue/freeswitch_rce/blob/master/README-en.md", + "refsource": "MISC", + "url": "https://github.com/iSafeBlue/freeswitch_rce/blob/master/README-en.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4055.json b/2018/4xxx/CVE-2018-4055.json index 12b3a7b507e..28a51477110 100644 --- a/2018/4xxx/CVE-2018-4055.json +++ b/2018/4xxx/CVE-2018-4055.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2019-01-14T00:00:00", - "ID" : "CVE-2018-4055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pixar Renderman", - "version" : { - "version_data" : [ - { - "version_value" : "Renderman 22.2.0 for Mac OS X" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "local privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2019-01-14T00:00:00", + "ID": "CVE-2018-4055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pixar Renderman", + "version": { + "version_data": [ + { + "version_value": "Renderman 22.2.0 for Mac OS X" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A local privilege escalation vulnerability exists in the install 
helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4095.json b/2018/4xxx/CVE-2018-4095.json index b919ea99b73..2f6441cc45f 100644 --- a/2018/4xxx/CVE-2018-4095.json +++ b/2018/4xxx/CVE-2018-4095.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"Core Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/", - "refsource" : "MISC", - "url" : "https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/" - }, - { - "name" : "https://support.apple.com/HT208462", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208462" - }, - { - "name" : "https://support.apple.com/HT208463", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208463" - }, - { - "name" : "https://support.apple.com/HT208464", - "refsource" : "CONFIRM", - 
"url" : "https://support.apple.com/HT208464" - }, - { - "name" : "102774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102774" - }, - { - "name" : "1040265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"Core Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208462", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208462" + }, + { + "name": "1040265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040265" + }, + { + "name": "102774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102774" + }, + { + "name": "https://support.apple.com/HT208464", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208464" + }, + { + "name": "https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/", + "refsource": "MISC", + "url": "https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/" + }, + { + "name": "https://support.apple.com/HT208463", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208463" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4547.json b/2018/4xxx/CVE-2018-4547.json index 9a9c36bbd47..9a2ac9a67ef 100644 --- a/2018/4xxx/CVE-2018-4547.json +++ b/2018/4xxx/CVE-2018-4547.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4547", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4547", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4882.json b/2018/4xxx/CVE-2018-4882.json index a30fcf499fa..f6271683466 100644 --- a/2018/4xxx/CVE-2018-4882.json +++ b/2018/4xxx/CVE-2018-4882.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-4882",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Out-of-bounds read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-4882",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
- },
- {
- "name" : "102996",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102996"
- },
- {
- "name" : "1040364",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040364"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "102996",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102996"
+ },
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
+ },
+ {
+ "name": "1040364",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040364"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4954.json b/2018/4xxx/CVE-2018-4954.json
index f59607452e0..24046d6ad99 100644
--- a/2018/4xxx/CVE-2018-4954.json
+++ b/2018/4xxx/CVE-2018-4954.json
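Review bot: The `affects` block on the new side of CVE-2018-4882 still has `"vendor_name": "n/a"` and puts the same free-text sentence in both `product_name` and `version_value`. The record is assigned by psirt@adobe.com and names Adobe Acrobat Reader, so tooling that matches on the structured vendor, product and version fields will likely miss it. The CVE-2018-4954 hunk below has the same shape. Since every line of the block is being rewritten anyway, it could carry `"vendor_name": "Adobe"` and `"product_name": "Acrobat Reader"`, with one `version_data` entry per affected branch taken from the description. In CVE-2018-4954 the vendor's own advisory URL is also tagged `MISC`, where CVE-2018-4882 tags the equivalent link `CONFIRM`; that looks inconsistent and is worth confirming with the assigner.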
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-4954",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Use-after-free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-4954",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
- "refsource" : "MISC",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
- },
- {
- "name" : "104169",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104169"
- },
- {
- "name" : "1040920",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040920"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "104169",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104169"
+ },
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
+ },
+ {
+ "name": "1040920",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040920"
+ }
+ ]
+ }
+}
\ No newline at end of file