diff --git a/2001/0xxx/CVE-2001-0506.json b/2001/0xxx/CVE-2001-0506.json index cf80549a175..2abb0fb5805 100644 --- a/2001/0xxx/CVE-2001-0506.json +++ b/2001/0xxx/CVE-2001-0506.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the \"SSI privilege elevation\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99802093532233&w=2" - }, - { - "name" : "20011127 IIS Server Side Include Buffer overflow exploit code", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/242541" - }, - { - "name" : "MS01-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044" - }, - { - "name" : "L-132", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-132.shtml" - }, - { - "name" : "3190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3190" - }, - { - "name" : "iis-ssi-directive-bo(6984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the \"SSI privilege elevation\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011127 IIS Server Side Include Buffer overflow exploit code", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/242541" + }, + { + "name": "20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99802093532233&w=2" + }, + { + "name": "3190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3190" + }, + { + "name": "iis-ssi-directive-bo(6984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6984" + }, + { + "name": "L-132", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-132.shtml" + }, + { + "name": "MS01-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0626.json b/2008/0xxx/CVE-2008-0626.json index dff5a22fddf..c5d72a8587b 100644 --- a/2008/0xxx/CVE-2008-0626.json +++ b/2008/0xxx/CVE-2008-0626.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0626", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6303. Reason: This candidate is a duplicate of CVE-2007-6303. Notes: All CVE users should reference CVE-2007-6303 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-0626", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6303. Reason: This candidate is a duplicate of CVE-2007-6303. Notes: All CVE users should reference CVE-2007-6303 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0701.json b/2008/0xxx/CVE-2008-0701.json index fe77fa58fa5..7418bf5397d 100644 --- a/2008/0xxx/CVE-2008-0701.json +++ b/2008/0xxx/CVE-2008-0701.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jira.magnolia.info/browse/MAGNOLIA-2021", - "refsource" : "CONFIRM", - "url" : "http://jira.magnolia.info/browse/MAGNOLIA-2021" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=573088", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=573088" - }, - { - "name" : "27608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27608" - }, - { - "name" : "28745", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=573088", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=573088" + }, + { + "name": "http://jira.magnolia.info/browse/MAGNOLIA-2021", + "refsource": "CONFIRM", + "url": "http://jira.magnolia.info/browse/MAGNOLIA-2021" + }, + { + "name": "27608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27608" + }, + { + "name": "28745", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28745" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0733.json b/2008/0xxx/CVE-2008-0733.json index df2d3818f2b..db54dc9f307 100644 --- a/2008/0xxx/CVE-2008-0733.json +++ b/2008/0xxx/CVE-2008-0733.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080212 Kommentare zum Download script SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487988/100/0/threaded" - }, - { - "name" : "27747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27747" - }, - { - "name" : "counterstrikeportals-index-sql-injection(40520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "counterstrikeportals-index-sql-injection(40520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40520" + }, + { + "name": "27747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27747" + }, + { + "name": "20080212 Kommentare zum Download script SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487988/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0856.json b/2008/0xxx/CVE-2008-0856.json index bff4bc570f7..b3d1b1e1161 100644 --- a/2008/0xxx/CVE-2008-0856.json +++ b/2008/0xxx/CVE-2008-0856.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27816" - }, - { - "name" : "evisioncms-iframe-print-sql-injection(40859)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40859" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27816" + }, + { + "name": "evisioncms-iframe-print-sql-injection(40859)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40859" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0946.json b/2008/0xxx/CVE-2008-0946.json index e0e80cb59e3..811d30d0469 100644 --- a/2008/0xxx/CVE-2008-0946.json +++ b/2008/0xxx/CVE-2008-0946.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487748/100/200/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/ipsimene-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/ipsimene-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/ipsimene.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/ipsimene.zip" - }, - { - "name" : "27677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27677" - }, - { - "name" : "3697", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/ipsimene-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt" + }, + { + "name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded" + }, + { + "name": "27677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27677" + }, + { + "name": "3697", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3697" + }, + { + "name": "http://aluigi.org/poc/ipsimene.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/ipsimene.zip" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1224.json b/2008/1xxx/CVE-2008-1224.json index 34b3ec685d5..0c247d8550c 100644 --- a/2008/1xxx/CVE-2008-1224.json +++ b/2008/1xxx/CVE-2008-1224.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in account.php in BosClassifieds Classified Ads System 3.0 allows remote attackers to inject arbitrary web script or HTML via the returnTo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28140" - }, - { - "name" : "29261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29261" - }, - { - "name" : "classifiedads-account-xss(41045)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in account.php in BosClassifieds Classified Ads System 3.0 allows remote attackers to inject arbitrary web script or HTML via the returnTo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "classifiedads-account-xss(41045)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41045" + }, + { + "name": "28140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28140" + }, + { + "name": "29261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29261" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1353.json b/2008/1xxx/CVE-2008-1353.json index d36750cf123..25810ee12b2 100644 --- a/2008/1xxx/CVE-2008-1353.json +++ b/2008/1xxx/CVE-2008-1353.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080313 Zabbix (zabbix_agentd) denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489506/100/0/threaded" - }, - { - "name" : "28244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28244" - }, - { - "name" : "ADV-2008-0878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0878" - }, - { - "name" : "29383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29383" - }, - { - "name" : "3747", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3747" - }, - { - "name" : "zabbix-zabbixagentd-dos(41196)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0878", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0878" + }, + { + "name": "3747", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3747" + }, + { + "name": "28244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28244" + }, + { + "name": "zabbix-zabbixagentd-dos(41196)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41196" + }, + { + "name": "29383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29383" + }, + { + "name": "20080313 Zabbix (zabbix_agentd) denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489506/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1552.json b/2008/1xxx/CVE-2008-1552.json index c3921d598f0..9c40b65c3a5 100644 --- a/2008/1xxx/CVE-2008-1552.json +++ b/2008/1xxx/CVE-2008-1552.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the \"underflow\" term in cases of wraparound from unsigned subtraction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490069/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/?action=item&id=2206", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2206" - }, - { - "name" : "http://silcnet.org/general/news/?item=client_20080320_1", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/general/news/?item=client_20080320_1" - }, - { - "name" : "http://silcnet.org/general/news/?item=server_20080320_1", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/general/news/?item=server_20080320_1" - }, - { - "name" : "http://silcnet.org/general/news/?item=toolkit_20080320_1", - "refsource" : "CONFIRM", - "url" : "http://silcnet.org/general/news/?item=toolkit_20080320_1" - }, - { - "name" : "FEDORA-2008-2616", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html" - }, - { - "name" : "FEDORA-2008-2641", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html" - }, - { - "name" : "GLSA-200804-27", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200804-27.xml" - }, - { - "name" : "MDVSA-2008:158", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158" - }, - { - "name" : "SUSE-SR:2008:008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" - }, - { - "name" : "28373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28373" - }, - { - "name" : "29465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29465" - }, - { - "name" : "ADV-2008-0974", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0974/references" - }, - { - "name" : "1019690", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019690" - }, - { - "name" : "29463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29463" - }, - { - "name" : "29622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29622" - }, - { - "name" : "29946", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29946" - }, - { - "name" : "3795", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3795" - }, - { - "name" : "silc-silcpkcs1decode-bo(41474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the \"underflow\" term in cases of wraparound from unsigned subtraction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29465" + }, + { + "name": "29622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29622" + }, + { + "name": "SUSE-SR:2008:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" + }, + { + "name": "1019690", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019690" + }, + { + "name": "GLSA-200804-27", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200804-27.xml" + }, + { + "name": "3795", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3795" + }, + { + "name": "http://silcnet.org/general/news/?item=server_20080320_1", + "refsource": "CONFIRM", + "url": "http://silcnet.org/general/news/?item=server_20080320_1" + }, + { + "name": "20080325 CORE-2007-1212: SILC pkcs_decode buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490069/100/0/threaded" + }, + { + "name": "http://silcnet.org/general/news/?item=toolkit_20080320_1", + "refsource": "CONFIRM", + "url": "http://silcnet.org/general/news/?item=toolkit_20080320_1" + }, + { + "name": "29463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29463" + }, + { + "name": "FEDORA-2008-2641", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00538.html" + }, + { + "name": "ADV-2008-0974", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0974/references" + }, + { + "name": "29946", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29946" + }, + { + "name": "28373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28373" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2206", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2206" + }, + { + "name": "http://silcnet.org/general/news/?item=client_20080320_1", + "refsource": "CONFIRM", + "url": "http://silcnet.org/general/news/?item=client_20080320_1" + }, + { + "name": "MDVSA-2008:158", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:158" + }, + { + "name": "silc-silcpkcs1decode-bo(41474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41474" + }, + { + "name": "FEDORA-2008-2616", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00513.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1599.json b/2008/1xxx/CVE-2008-1599.json index bf442b536db..e9124c15a23 100644 --- a/2008/1xxx/CVE-2008-1599.json +++ b/2008/1xxx/CVE-2008-1599.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156" - }, - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157" - }, - { - "name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158", - "refsource" : "CONFIRM", - "url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158" - }, - { - "name" : "IZ16975", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ16975" - }, - { - "name" : "IZ16991", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ16991" - }, - { - "name" : "IZ17058", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ17058" - }, - { - "name" : "IZ17059", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ17059" - }, - { - "name" : "oval:org.mitre.oval:def:5468", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5468" - }, - { - "name" : "ADV-2008-0865", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0865" - }, - { - "name" : "1019604", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156" + }, + { + "name": "IZ16975", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ16975" + }, + { + "name": "1019604", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019604" + }, + { + "name": "oval:org.mitre.oval:def:5468", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5468" + }, + { + "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158", + "refsource": "CONFIRM", + "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158" + }, + { + "name": "IZ17058", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ17058" + }, + { + "name": "IZ17059", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ17059" + }, + { + "name": "IZ16991", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ16991" + }, + { + "name": "ADV-2008-0865", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0865" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1652.json b/2008/1xxx/CVE-2008-1652.json index ff5a1e5aa74..170c38f98b2 100644 --- a/2008/1xxx/CVE-2008-1652.json +++ b/2008/1xxx/CVE-2008-1652.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES" - }, - { - "name" : "ADV-2008-1045", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1045/references" - }, - { - "name" : "29565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29565" - }, - { - "name" : "perlbal-serverequestmultiple-dir-traversal(41540)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an unspecified parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "perlbal-serverequestmultiple-dir-traversal(41540)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41540" + }, + { + "name": "ADV-2008-1045", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1045/references" + }, + { + "name": "http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES", + "refsource": "CONFIRM", + "url": "http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES" + }, + { + "name": "29565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29565" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5416.json b/2008/5xxx/CVE-2008-5416.json index ad5bf1b6d32..ef8c2fd9e0e 100644 --- a/2008/5xxx/CVE-2008-5416.json +++ b/2008/5xxx/CVE-2008-5416.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka \"SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081209 SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499042/100/0/threaded" - }, - { - "name" : "20081210 Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite(update to SEC Consult SA-20081209)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499085/100/0/threaded" - }, - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "20081210 Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0304.html" - }, - { - "name" : "7501", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7501" - }, - { - "name" : "http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt", - "refsource" : "MISC", - "url" : "http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/961040.mspx", - "refsource" : "CONFIRM", - "url" : "http://www.microsoft.com/technet/security/advisory/961040.mspx" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-055.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-055.htm" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" - }, - { - "name" : "MS09-004", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-004" - }, - { - "name" : "TA09-041A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-041A.html" - }, - { - "name" : "VU#696644", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/696644" - }, - { - "name" : "32710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32710" - }, - { - "name" : "50917", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50917" - }, - { - "name" : "oval:org.mitre.oval:def:6217", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6217" - }, - { - "name" : "ADV-2008-3380", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3380" - }, - { - "name" : "1021363", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021363" - }, - { - "name" : "1021490", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021490" - }, - { - "name" : "33034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33034" - }, - { - "name" : "4706", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4706" - }, - { - "name" : "mssql-spreplwritetovarbin-bo(47182)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka \"SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt", + "refsource": "MISC", + "url": "http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt" + }, + { + "name": "ADV-2008-3380", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3380" + }, + { + "name": "33034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33034" + }, + { + "name": "50917", + "refsource": "OSVDB", + "url": "http://osvdb.org/50917" + }, + { + "name": "1021363", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021363" + }, + { + "name": "7501", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7501" + }, + { + "name": "1021490", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021490" + }, + { + "name": "mssql-spreplwritetovarbin-bo(47182)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47182" + }, + { + "name": "VU#696644", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/696644" + }, + { + "name": "20081209 SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499042/100/0/threaded" + }, + { + "name": "20081210 Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite(update to SEC Consult SA-20081209)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499085/100/0/threaded" + }, + { + "name": "MS09-004", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-004" + }, + { + "name": "4706", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4706" + }, + { + "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/961040.mspx", + "refsource": "CONFIRM", + "url": "http://www.microsoft.com/technet/security/advisory/961040.mspx" + }, + { + "name": "32710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32710" + }, + { + "name": "oval:org.mitre.oval:def:6217", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6217" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "TA09-041A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html" + }, + { + "name": "20081210 Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0304.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-055.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-055.htm" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5518.json b/2008/5xxx/CVE-2008-5518.json index a8003d64146..f91836fbef0 100644 --- a/2008/5xxx/CVE-2008-5518.json +++ b/2008/5xxx/CVE-2008-5518.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090416 [DSECRG-09-018] Apache Geronimo - Directory Traversal vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502733/100/0/threaded" - }, - { - "name" : "8458", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8458" - }, - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=118", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=118" - }, - { - "name" : "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214", - "refsource" : "CONFIRM", - "url" : "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214" - }, - { - "name" : "http://issues.apache.org/jira/browse/GERONIMO-4597", - "refsource" : "CONFIRM", - "url" : "http://issues.apache.org/jira/browse/GERONIMO-4597" - }, - { - "name" : "34562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34562" - }, - { - "name" : "34715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34715" - }, - { - "name" : "ADV-2009-1089", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1089" - }, - { - "name" : "geronimo-dbmanager-directory-traversal(49899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49899" - }, - { - "name" : "geronimo-keystores-directory-traversal(49900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49900" - }, - { - "name" : "geronimo-repository-directory-traversal(49898)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "geronimo-keystores-directory-traversal(49900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49900" + }, + { + "name": "geronimo-dbmanager-directory-traversal(49899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49899" + }, + { + "name": "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214", + "refsource": "CONFIRM", + "url": "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214" + }, + { + "name": "ADV-2009-1089", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1089" + }, + { + "name": "34562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34562" + }, + { + "name": "http://issues.apache.org/jira/browse/GERONIMO-4597", + "refsource": "CONFIRM", + "url": "http://issues.apache.org/jira/browse/GERONIMO-4597" + }, + { + "name": "34715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34715" + }, + { + "name": "geronimo-repository-directory-traversal(49898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49898" + }, + { + "name": "8458", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8458" + }, + { + "name": "20090416 [DSECRG-09-018] Apache Geronimo - Directory Traversal vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502733/100/0/threaded" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=118", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=118" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5674.json b/2008/5xxx/CVE-2008-5674.json index 6a2076f0e77..43b62c2b5c0 100644 --- a/2008/5xxx/CVE-2008-5674.json +++ b/2008/5xxx/CVE-2008-5674.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080219 Access violation and limited informations disclosure in webcamXP 3.72.440.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488364/100/200/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/webcamxp-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/webcamxp-adv.txt" - }, - { - "name" : "27875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27875" - }, - { - "name" : "42927", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/42927" - }, - { - "name" : "42928", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/42928" - }, - { - "name" : "42929", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42929" - }, - { - "name" : "29007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29007" - }, - { - "name" : "4788", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27875" + }, + { + "name": "20080219 Access violation and limited informations disclosure in webcamXP 3.72.440.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488364/100/200/threaded" + }, + { + "name": "4788", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4788" + }, + { + "name": "http://aluigi.altervista.org/adv/webcamxp-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/webcamxp-adv.txt" + }, + { + "name": "42929", + "refsource": "OSVDB", + "url": "http://osvdb.org/42929" + }, + { + "name": "29007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29007" + }, + { + "name": "42927", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/42927" + }, + { + "name": "42928", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/42928" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0222.json b/2013/0xxx/CVE-2013-0222.json index ef60dd863c2..914d6726bbe 100644 --- a/2013/0xxx/CVE-2013-0222.json +++ b/2013/0xxx/CVE-2013-0222.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=796243", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=796243" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=903465", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=903465" - }, - { - "name" : "https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19", - "refsource" : "CONFIRM", - "url" : "https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19" - }, - { - "name" : "RHSA-2013:1652", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1652.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=903465", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903465" + }, + { + "name": "RHSA-2013:1652", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1652.html" + }, + { + "name": "https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19", + "refsource": "CONFIRM", + "url": "https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=796243", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=796243" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3012.json b/2013/3xxx/CVE-2013-3012.json index ce9599b82d3..e6dac60a534 100644 --- a/2013/3xxx/CVE-2013-3012.json +++ b/2013/3xxx/CVE-2013-3012.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-3012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "IV44796", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44796" - }, - { - "name" : "IV44797", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44797" - }, - { - "name" : "IV44798", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44798" - }, - { - "name" : "PM91730", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91730" - }, - { - "name" : "RHSA-2013:1081", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1081.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1293", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "SUSE-SU-2013:1263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" - }, - { - "name" : "SUSE-SU-2013:1264", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - }, - { - "name" : "ibm-java-cve20133012(84153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "ibm-java-cve20133012(84153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84153" + }, + { + "name": "IV44798", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44798" + }, + { + "name": "SUSE-SU-2013:1264", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "IV44796", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44796" + }, + { + "name": "SUSE-SU-2013:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "SUSE-SU-2013:1263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013" + }, + { + "name": "SUSE-SU-2013:1293", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" + }, + { + "name": "RHSA-2013:1081", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" + }, + { + "name": "PM91730", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91730" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "IV44797", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44797" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3468.json b/2013/3xxx/CVE-2013-3468.json index 5842c57d176..7110dea988a 100644 --- a/2013/3xxx/CVE-2013-3468.json +++ b/2013/3xxx/CVE-2013-3468.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130828 Cisco Unified IP Phone 8945 Crafted PNG Image Lockup Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3468" - }, - { - "name" : "96669", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96669" - }, - { - "name" : "1028964", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1028964", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028964" + }, + { + "name": "96669", + "refsource": "OSVDB", + "url": "http://osvdb.org/96669" + }, + { + "name": "20130828 Cisco Unified IP Phone 8945 Crafted PNG Image Lockup Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3468" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3471.json b/2013/3xxx/CVE-2013-3471.json index ee77793de82..8ddf51c252a 100644 --- a/2013/3xxx/CVE-2013-3471.json +++ b/2013/3xxx/CVE-2013-3471.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524" - }, - { - "name" : "20130828 Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471" - }, - { - "name" : "1028965", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130828 Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471" + }, + { + "name": "1028965", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028965" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3530.json b/2013/3xxx/CVE-2013-3530.json index 433a24feb77..54c494682a5 100644 --- a/2013/3xxx/CVE-2013-3530.json +++ b/2013/3xxx/CVE-2013-3530.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/121204/WordPress-Spiffy-XSPF-Player-0.1-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121204/WordPress-Spiffy-XSPF-Player-0.1-SQL-Injection.html" - }, - { - "name" : "58976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58976" - }, - { - "name" : "92258", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/92258" - }, - { - "name" : "wp-spiffyxspfplayer-playlist-sql-injection(83345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wp-spiffyxspfplayer-playlist-sql-injection(83345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83345" + }, + { + "name": "http://packetstormsecurity.com/files/121204/WordPress-Spiffy-XSPF-Player-0.1-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121204/WordPress-Spiffy-XSPF-Player-0.1-SQL-Injection.html" + }, + { + "name": "92258", + "refsource": "OSVDB", + "url": "http://osvdb.org/92258" + }, + { + "name": "58976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58976" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4540.json b/2013/4xxx/CVE-2013-4540.json index a67a1392247..3a8638c5dd3 100644 --- a/2013/4xxx/CVE-2013-4540.json +++ b/2013/4xxx/CVE-2013-4540.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" - }, - { - "name" : "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=52f91c3723932f8340fe36c8ec8b18a757c37b2b", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=52f91c3723932f8340fe36c8ec8b18a757c37b2b" - }, - { - "name" : "FEDORA-2014-6288", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" - }, - { - "name" : "openSUSE-SU-2014:1279", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:1281", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1281", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" + }, + { + "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" + }, + { + "name": "openSUSE-SU-2014:1279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" + }, + { + "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" + }, + { + "name": "FEDORA-2014-6288", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=52f91c3723932f8340fe36c8ec8b18a757c37b2b", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=52f91c3723932f8340fe36c8ec8b18a757c37b2b" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4554.json b/2013/4xxx/CVE-2013-4554.json index f6f58a3d8c0..5138f5b3149 100644 --- a/2013/4xxx/CVE-2013-4554.json +++ b/2013/4xxx/CVE-2013-4554.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131126 Xen Security Advisory 76 (CVE-2013-4554) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/26/9" - }, - { - "name" : "GLSA-201407-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml" - }, - { - "name" : "RHSA-2014:0285", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0285.html" - }, - { - "name" : "openSUSE-SU-2013:1876", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html" - }, - { - "name" : "SUSE-SU-2014:0411", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" - }, - { - "name" : "SUSE-SU-2014:0372", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "SUSE-SU-2014:0470", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2014:0470", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" + }, + { + "name": "RHSA-2014:0285", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0285.html" + }, + { + "name": "GLSA-201407-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml" + }, + { + "name": "[oss-security] 20131126 Xen Security Advisory 76 (CVE-2013-4554) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/26/9" + }, + { + "name": "SUSE-SU-2014:0372", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "SUSE-SU-2014:0411", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" + }, + { + "name": "openSUSE-SU-2013:1876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4657.json b/2013/4xxx/CVE-2013-4657.json index 654a2dcdfcc..dbe58c3bc07 100644 --- a/2013/4xxx/CVE-2013-4657.json +++ b/2013/4xxx/CVE-2013-4657.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4657", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4657", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6101.json b/2013/6xxx/CVE-2013-6101.json index ce8cad013df..ad319ee0c0c 100644 --- a/2013/6xxx/CVE-2013-6101.json +++ b/2013/6xxx/CVE-2013-6101.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6101", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6101", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7273.json b/2013/7xxx/CVE-2013-7273.json index 0114bcc10cb..2660d1a97ba 100644 --- a/2013/7xxx/CVE-2013-7273.json +++ b/2013/7xxx/CVE-2013-7273.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/07/10" - }, - { - "name" : "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/01/07/16" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=704284", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=704284" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050745", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1050745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/07/10" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=704284", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=704284" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338" + }, + { + "name": "[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/01/07/16" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1050745" + } + ] + } +} \ No newline at end of file diff --git a/2013/7xxx/CVE-2013-7371.json b/2013/7xxx/CVE-2013-7371.json index c379885ad7d..dcb57d359d6 100644 --- a/2013/7xxx/CVE-2013-7371.json +++ b/2013/7xxx/CVE-2013-7371.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-7371", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7371", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10526.json b/2017/10xxx/CVE-2017-10526.json index 3102178b1bf..5eced15ed4f 100644 --- a/2017/10xxx/CVE-2017-10526.json +++ b/2017/10xxx/CVE-2017-10526.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10526", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10526", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10537.json b/2017/10xxx/CVE-2017-10537.json index c8ebc8cecb6..2c0ca2e2b58 100644 --- a/2017/10xxx/CVE-2017-10537.json +++ b/2017/10xxx/CVE-2017-10537.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10537", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10537", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10699.json b/2017/10xxx/CVE-2017-10699.json index 57e57a3ee02..87e87372a20 100644 --- a/2017/10xxx/CVE-2017-10699.json +++ b/2017/10xxx/CVE-2017-10699.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://trac.videolan.org/vlc/ticket/18467", - "refsource" : "CONFIRM", - "url" : "https://trac.videolan.org/vlc/ticket/18467" - }, - { - "name" : "DSA-4045", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4045" - }, - { - "name" : "1038816", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038816", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038816" + }, + { + "name": "DSA-4045", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4045" + }, + { + "name": "https://trac.videolan.org/vlc/ticket/18467", + "refsource": "CONFIRM", + "url": "https://trac.videolan.org/vlc/ticket/18467" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10758.json b/2017/10xxx/CVE-2017-10758.json index 5b5bd3aa935..da7260303bf 100644 --- a/2017/10xxx/CVE-2017-10758.json +++ b/2017/10xxx/CVE-2017-10758.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10915.json b/2017/10xxx/CVE-2017-10915.json index 86781761a9c..23ada49ef8c 100644 --- a/2017/10xxx/CVE-2017-10915.json +++ b/2017/10xxx/CVE-2017-10915.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xenbits.xen.org/xsa/advisory-219.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-219.html" - }, - { - "name" : "DSA-3969", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3969" - }, - { - "name" : "GLSA-201708-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201708-03" - }, - { - "name" : "GLSA-201710-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-17" - }, - { - "name" : "99174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201708-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201708-03" + }, + { + "name": "DSA-3969", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3969" + }, + { + "name": "99174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99174" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-219.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-219.html" + }, + { + "name": "GLSA-201710-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-17" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12281.json b/2017/12xxx/CVE-2017-12281.json index b491f414cd5..ded1b5c3afd 100644 --- a/2017/12xxx/CVE-2017-12281.json +++ b/2017/12xxx/CVE-2017-12281.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Aironet 1800, 2800, and 3800 Series Access Points", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Aironet 1800, 2800, and 3800 Series Access Points" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Aironet 1800, 2800, and 3800 Series Access Points", + "version": { + "version_data": [ + { + "version_value": "Cisco Aironet 1800, 2800, and 3800 Series Access Points" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3" - }, - { - "name" : "101649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101649" - }, - { - "name" : "1039725", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101649" + }, + { + "name": "1039725", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039725" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12699.json b/2017/12xxx/CVE-2017-12699.json index b5776a8bf0b..6e4596f5846 100644 --- a/2017/12xxx/CVE-2017-12699.json +++ b/2017/12xxx/CVE-2017-12699.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AzeoTech DAQFactory", - "version" : { - "version_data" : [ - { - "version_value" : "AzeoTech DAQFactory" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-276" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AzeoTech DAQFactory", + "version": { + "version_data": [ + { + "version_value": "AzeoTech DAQFactory" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01" - }, - { - "name" : "100522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100522" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12884.json b/2017/12xxx/CVE-2017-12884.json index f316f3ddff1..b07aa77cc14 100644 --- a/2017/12xxx/CVE-2017-12884.json +++ b/2017/12xxx/CVE-2017-12884.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12884", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12884", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13114.json b/2017/13xxx/CVE-2017-13114.json index 94bd0ba533e..f3c1e84eb7d 100644 --- a/2017/13xxx/CVE-2017-13114.json +++ b/2017/13xxx/CVE-2017-13114.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13114", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-13114", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13409.json b/2017/13xxx/CVE-2017-13409.json index 4e71b880518..2ac008fdebb 100644 --- a/2017/13xxx/CVE-2017-13409.json +++ b/2017/13xxx/CVE-2017-13409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13409", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13409", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13455.json b/2017/13xxx/CVE-2017-13455.json index 820de0ab05c..b667ba226a1 100644 --- a/2017/13xxx/CVE-2017-13455.json +++ b/2017/13xxx/CVE-2017-13455.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13455", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13455", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13581.json b/2017/13xxx/CVE-2017-13581.json index 9cbfea38e96..00cbdf3fbad 100644 --- a/2017/13xxx/CVE-2017-13581.json +++ b/2017/13xxx/CVE-2017-13581.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13581", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13581", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13781.json b/2017/13xxx/CVE-2017-13781.json index e3504ca941f..d2297a8e00e 100644 --- a/2017/13xxx/CVE-2017-13781.json +++ b/2017/13xxx/CVE-2017-13781.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13781", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13781", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13788.json b/2017/13xxx/CVE-2017-13788.json index 78e9660a3d8..9d5dab1d195 100644 --- a/2017/13xxx/CVE-2017-13788.json +++ b/2017/13xxx/CVE-2017-13788.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208219", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208219" - }, - { - "name" : "https://support.apple.com/HT208222", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208222" - }, - { - "name" : "https://support.apple.com/HT208223", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208223" - }, - { - "name" : "https://support.apple.com/HT208224", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208224" - }, - { - "name" : "https://support.apple.com/HT208225", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208225" - }, - { - "name" : "GLSA-201712-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-01" - }, - { - "name" : "1039703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208225", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208225" + }, + { + "name": "https://support.apple.com/HT208222", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208222" + }, + { + "name": "https://support.apple.com/HT208219", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208219" + }, + { + "name": "https://support.apple.com/HT208224", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208224" + }, + { + "name": "GLSA-201712-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-01" + }, + { + "name": "1039703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039703" + }, + { + "name": "https://support.apple.com/HT208223", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208223" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17706.json b/2017/17xxx/CVE-2017-17706.json index a66780db044..025ebe720cc 100644 --- a/2017/17xxx/CVE-2017-17706.json +++ b/2017/17xxx/CVE-2017-17706.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17706", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17706", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17773.json b/2017/17xxx/CVE-2017-17773.json index 11c9341b8c1..9952db26396 100644 --- a/2017/17xxx/CVE-2017-17773.json +++ b/2017/17xxx/CVE-2017-17773.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-17773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-17773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-03-01" - }, - { - "name" : "103292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-03-01" + }, + { + "name": "103292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103292" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17818.json b/2017/17xxx/CVE-2017-17818.json index 58f0229fc2d..c6b4c5600f0 100644 --- a/2017/17xxx/CVE-2017-17818.json +++ b/2017/17xxx/CVE-2017-17818.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392428" - }, - { - "name" : "USN-3694-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3694-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3694-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3694-1/" + }, + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392428" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0246.json b/2018/0xxx/CVE-2018-0246.json index 87833ece0eb..1a754692bcc 100644 --- a/2018/0xxx/CVE-2018-0246.json +++ b/2018/0xxx/CVE-2018-0246.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0246", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0246", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0725.json b/2018/0xxx/CVE-2018-0725.json index 5aaf6c3163f..59eb7967b5e 100644 --- a/2018/0xxx/CVE-2018-0725.json +++ b/2018/0xxx/CVE-2018-0725.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0725", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0725", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18264.json b/2018/18xxx/CVE-2018-18264.json index 81d5ca2d5db..9d1fca97635 100644 --- a/2018/18xxx/CVE-2018-18264.json +++ b/2018/18xxx/CVE-2018-18264.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kubernetes/dashboard/pull/3289", - "refsource" : "MISC", - "url" : "https://github.com/kubernetes/dashboard/pull/3289" - }, - { - "name" : "https://github.com/kubernetes/dashboard/pull/3400", - "refsource" : "MISC", - "url" : "https://github.com/kubernetes/dashboard/pull/3400" - }, - { - "name" : "https://github.com/kubernetes/dashboard/releases/tag/v1.10.1", - "refsource" : "MISC", - "url" : "https://github.com/kubernetes/dashboard/releases/tag/v1.10.1" - }, - { - "name" : "https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI" - }, - { - "name" : "https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/", - "refsource" : "MISC", - "url" : "https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/" - }, - { - "name" : "106493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/", + "refsource": "MISC", + "url": "https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/" + }, + { + "name": "106493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106493" + }, + { + "name": "https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI" + }, + { + "name": "https://github.com/kubernetes/dashboard/releases/tag/v1.10.1", + "refsource": "MISC", + "url": "https://github.com/kubernetes/dashboard/releases/tag/v1.10.1" + }, + { + "name": "https://github.com/kubernetes/dashboard/pull/3400", + "refsource": "MISC", + "url": "https://github.com/kubernetes/dashboard/pull/3400" + }, + { + "name": "https://github.com/kubernetes/dashboard/pull/3289", + "refsource": "MISC", + "url": "https://github.com/kubernetes/dashboard/pull/3289" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18820.json b/2018/18xxx/CVE-2018-18820.json index 6b72278727b..d8bc421bca3 100644 --- a/2018/18xxx/CVE-2018-18820.json +++ b/2018/18xxx/CVE-2018-18820.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20181101 Icecast 2.4.4 - CVE-2018-18820 - buffer overflow in url-auth", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/11/01/3" - }, - { - "name" : "[debian-lts-announce] 20181126 [SECURITY] [DLA-1588-1] icecast2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00033.html" - }, - { - "name" : "DSA-4333", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4333" - }, - { - "name" : "GLSA-201811-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-09" - }, - { - "name" : "1042019", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1042019", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042019" + }, + { + "name": "GLSA-201811-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-09" + }, + { + "name": "[debian-lts-announce] 20181126 [SECURITY] [DLA-1588-1] icecast2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00033.html" + }, + { + "name": "[oss-security] 20181101 Icecast 2.4.4 - CVE-2018-18820 - buffer overflow in url-auth", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/11/01/3" + }, + { + "name": "DSA-4333", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4333" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19182.json b/2018/19xxx/CVE-2018-19182.json index c829896a3a1..ae8da03669c 100644 --- a/2018/19xxx/CVE-2018-19182.json +++ b/2018/19xxx/CVE-2018-19182.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Engelsystem before commit hash 2e28336 allows CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MyIgel/engelsystem/commit/2e28336818183e2c63c8015fb476bc01c822f50a", - "refsource" : "CONFIRM", - "url" : "https://github.com/MyIgel/engelsystem/commit/2e28336818183e2c63c8015fb476bc01c822f50a" - }, - { - "name" : "https://github.com/engelsystem/engelsystem/issues/494", - "refsource" : "CONFIRM", - "url" : "https://github.com/engelsystem/engelsystem/issues/494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Engelsystem before commit hash 2e28336 allows CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MyIgel/engelsystem/commit/2e28336818183e2c63c8015fb476bc01c822f50a", + "refsource": "CONFIRM", + "url": "https://github.com/MyIgel/engelsystem/commit/2e28336818183e2c63c8015fb476bc01c822f50a" + }, + { + "name": "https://github.com/engelsystem/engelsystem/issues/494", + "refsource": "CONFIRM", + "url": "https://github.com/engelsystem/engelsystem/issues/494" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19693.json b/2018/19xxx/CVE-2018-19693.json index c42ee5352af..02d7b0244c5 100644 --- a/2018/19xxx/CVE-2018-19693.json +++ b/2018/19xxx/CVE-2018-19693.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fmsdwifull/tp5cms/issues/6", - "refsource" : "MISC", - "url" : "https://github.com/fmsdwifull/tp5cms/issues/6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fmsdwifull/tp5cms/issues/6", + "refsource": "MISC", + "url": "https://github.com/fmsdwifull/tp5cms/issues/6" + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19855.json b/2018/19xxx/CVE-2018-19855.json index 18c094dc359..40db2bd2b2b 100644 --- a/2018/19xxx/CVE-2018-19855.json +++ b/2018/19xxx/CVE-2018-19855.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19855", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19855", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1337.json b/2018/1xxx/CVE-2018-1337.json index c6d06cfd1c1..baa1216bd4d 100644 --- a/2018/1xxx/CVE-2018-1337.json +++ b/2018/1xxx/CVE-2018-1337.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-07-10T00:00:00", - "ID" : "CVE-2018-1337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Directory", - "version" : { - "version_data" : [ - { - "version_value" : "LDAP API prior to 1.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Plaintext Password Disclosure in Secured Channel" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-07-10T00:00:00", + "ID": "CVE-2018-1337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Directory", + "version": { + "version_data": [ + { + "version_value": "LDAP API prior to 1.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f@%3Cdev.directory.apache.org%3E" - }, - { - "name" : "104744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Plaintext Password Disclosure in Secured Channel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104744" + }, + { + "name": "[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f@%3Cdev.directory.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1652.json b/2018/1xxx/CVE-2018-1652.json index 9b27a4a38cc..5b9cf070c41 100644 --- a/2018/1xxx/CVE-2018-1652.json +++ b/2018/1xxx/CVE-2018-1652.json @@ -1,145 +1,145 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-10T00:00:00", - "ID" : "CVE-2018-1652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DataPower Gateways", - "version" : { - "version_data" : [ - { - "version_value" : "7.1.0.0" - }, - { - "version_value" : "7.2.0.0" - }, - { - "version_value" : "7.5.0.0" - }, - { - "version_value" : "7.5.1.0" - }, - { - "version_value" : "7.6.0.0" - }, - { - "version_value" : "7.5.2.0" - }, - { - "version_value" : "7.6.0.2" - }, - { - "version_value" : "7.5.2.9" - }, - { - "version_value" : "7.5.1.9" - }, - { - "version_value" : "7.5.0.10" - }, - { - "version_value" : "7.2.0.16" - }, - { - "version_value" : "7.1.0.19" - } - ] - } - }, - { - "product_name" : "MQ Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1" - }, - { - "version_value" : "9.0.5" - }, - { - "version_value" : "8.0.0.0" - }, - { - "version_value" : "8.0.0.8" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "AV" : "L", - "C" : "N", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "6.200", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-10T00:00:00", + "ID": "CVE-2018-1652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DataPower Gateways", + "version": { + "version_data": [ + { + "version_value": "7.1.0.0" + }, + { + "version_value": "7.2.0.0" + }, + { + "version_value": "7.5.0.0" + }, + { + "version_value": "7.5.1.0" + }, + { + "version_value": "7.6.0.0" + }, + { + "version_value": "7.5.2.0" + }, + { + "version_value": "7.6.0.2" + }, + { + "version_value": "7.5.2.9" + }, + { + "version_value": "7.5.1.9" + }, + { + "version_value": "7.5.0.10" + }, + { + "version_value": "7.2.0.16" + }, + { + "version_value": "7.1.0.19" + } + ] + } + }, + { + "product_name": "MQ Appliance", + "version": { + "version_data": [ + { + "version_value": "9.0.1" + }, + { + "version_value": "9.0.5" + }, + { + "version_value": "8.0.0.0" + }, + { + "version_value": "8.0.0.8" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10717483", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10717483" - }, - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10744557", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10744557" - }, - { - "name" : "ibm-mq-cve20181652-dos(144724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "AV": "L", + "C": "N", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "6.200", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-mq-cve20181652-dos(144724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144724" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10717483", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10717483" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10744557", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10744557" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1871.json b/2018/1xxx/CVE-2018-1871.json index bb2248ad4b5..8b579ab0a1a 100644 --- a/2018/1xxx/CVE-2018-1871.json +++ b/2018/1xxx/CVE-2018-1871.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-12-04T00:00:00", - "ID" : "CVE-2018-1871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Financial Transaction Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.2" - }, - { - "version_value" : "3.0.5" - }, - { - "version_value" : "3.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-12-04T00:00:00", + "ID": "CVE-2018-1871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Transaction Manager", + "version": { + "version_data": [ + { + "version_value": "3.0.2" + }, + { + "version_value": "3.0.5" + }, + { + "version_value": "3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10743123", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10743123" - }, - { - "name" : "106149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106149" - }, - { - "name" : "ibm-ftm-cve20181871-xss(151329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10743123", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10743123" + }, + { + "name": "106149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106149" + }, + { + "name": "ibm-ftm-cve20181871-xss(151329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151329" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5315.json b/2018/5xxx/CVE-2018-5315.json index bb8c0ab9386..fe1224fe936 100644 --- a/2018/5xxx/CVE-2018-5315.json +++ b/2018/5xxx/CVE-2018-5315.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43479", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43479/" - }, - { - "name" : "http://packetstormsecurity.com/files/145833/WordPress-Events-Calendar-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145833/WordPress-Events-Calendar-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/145833/WordPress-Events-Calendar-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145833/WordPress-Events-Calendar-1.0-SQL-Injection.html" + }, + { + "name": "43479", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43479/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5669.json b/2018/5xxx/CVE-2018-5669.json index f0b5a83ef8e..e2188463ad0 100644 --- a/2018/5xxx/CVE-2018-5669.json +++ b/2018/5xxx/CVE-2018-5669.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/read-and-understood.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/read-and-understood.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/read-and-understood.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/read-and-understood.md" + } + ] + } +} \ No newline at end of file