From 056679991b208fcd214e332854c6b4b47c24ef67 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:21:26 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0003.json | 140 ++++---- 2001/0xxx/CVE-2001-0084.json | 150 ++++---- 2001/0xxx/CVE-2001-0237.json | 160 ++++----- 2001/0xxx/CVE-2001-0241.json | 180 +++++----- 2001/0xxx/CVE-2001-0264.json | 130 +++---- 2001/0xxx/CVE-2001-0318.json | 170 ++++----- 2001/0xxx/CVE-2001-0452.json | 140 ++++---- 2001/0xxx/CVE-2001-0746.json | 150 ++++---- 2001/1xxx/CVE-2001-1588.json | 34 +- 2008/1xxx/CVE-2008-1235.json | 620 ++++++++++++++++----------------- 2008/1xxx/CVE-2008-1342.json | 120 +++---- 2008/1xxx/CVE-2008-1383.json | 170 ++++----- 2008/1xxx/CVE-2008-1434.json | 210 +++++------ 2008/1xxx/CVE-2008-1898.json | 180 +++++----- 2008/5xxx/CVE-2008-5008.json | 170 ++++----- 2008/5xxx/CVE-2008-5316.json | 190 +++++----- 2008/5xxx/CVE-2008-5471.json | 34 +- 2008/5xxx/CVE-2008-5941.json | 140 ++++---- 2011/2xxx/CVE-2011-2195.json | 34 +- 2011/2xxx/CVE-2011-2628.json | 160 ++++----- 2011/2xxx/CVE-2011-2764.json | 230 ++++++------ 2013/0xxx/CVE-2013-0552.json | 34 +- 2013/0xxx/CVE-2013-0820.json | 34 +- 2013/0xxx/CVE-2013-0851.json | 130 +++---- 2013/1xxx/CVE-2013-1140.json | 120 +++---- 2013/1xxx/CVE-2013-1331.json | 150 ++++---- 2013/1xxx/CVE-2013-1630.json | 140 ++++---- 2013/1xxx/CVE-2013-1644.json | 34 +- 2013/1xxx/CVE-2013-1925.json | 170 ++++----- 2013/3xxx/CVE-2013-3450.json | 120 +++---- 2013/4xxx/CVE-2013-4482.json | 130 +++---- 2013/4xxx/CVE-2013-4846.json | 130 +++---- 2017/12xxx/CVE-2017-12384.json | 34 +- 2017/12xxx/CVE-2017-12385.json | 34 +- 2017/12xxx/CVE-2017-12462.json | 34 +- 2017/12xxx/CVE-2017-12906.json | 130 +++---- 2017/13xxx/CVE-2017-13150.json | 140 ++++---- 2017/13xxx/CVE-2017-13172.json | 122 +++---- 2017/13xxx/CVE-2017-13743.json | 140 ++++---- 2017/16xxx/CVE-2017-16149.json | 132 +++---- 2017/16xxx/CVE-2017-16480.json | 34 +- 2017/16xxx/CVE-2017-16508.json | 34 +- 2017/16xxx/CVE-2017-16937.json | 34 +- 2017/17xxx/CVE-2017-17113.json | 120 +++---- 2017/17xxx/CVE-2017-17734.json | 130 +++---- 2017/4xxx/CVE-2017-4189.json | 34 +- 2017/4xxx/CVE-2017-4442.json | 34 +- 2017/4xxx/CVE-2017-4678.json | 34 +- 2018/18xxx/CVE-2018-18153.json | 34 +- 2018/18xxx/CVE-2018-18441.json | 120 +++---- 2018/18xxx/CVE-2018-18566.json | 140 ++++---- 2018/18xxx/CVE-2018-18691.json | 34 +- 2018/1xxx/CVE-2018-1738.json | 184 +++++----- 2018/1xxx/CVE-2018-1876.json | 172 ++++----- 2018/5xxx/CVE-2018-5033.json | 140 ++++---- 2018/5xxx/CVE-2018-5116.json | 162 ++++----- 2018/5xxx/CVE-2018-5373.json | 120 +++---- 2018/5xxx/CVE-2018-5924.json | 152 ++++---- 58 files changed, 3591 insertions(+), 3591 deletions(-) diff --git a/2001/0xxx/CVE-2001-0003.json b/2001/0xxx/CVE-2001-0003.json index b9817fb206c..149a1f011f4 100644 --- a/2001/0xxx/CVE-2001-0003.json +++ b/2001/0xxx/CVE-2001-0003.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the \"Web Client NTLM Authentication\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-001", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-001" - }, - { - "name" : "wec-ntlm-authentication(5920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5920" - }, - { - "name" : "2199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the \"Web Client NTLM Authentication\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wec-ntlm-authentication(5920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5920" + }, + { + "name": "MS01-001", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-001" + }, + { + "name": "2199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2199" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0084.json b/2001/0xxx/CVE-2001-0084.json index 6d0135d597a..1ae27a3b449 100644 --- a/2001/0xxx/CVE-2001-0084.json +++ b/2001/0xxx/CVE-2001-0084.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010102 gtk+ security hole.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0498.html" - }, - { - "name" : "20010103 Claimed vulnerability in GTK_MODULES", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0027.html" - }, - { - "name" : "2165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2165" - }, - { - "name" : "http://www.gtk.org/setuid.html", - "refsource" : "MISC", - "url" : "http://www.gtk.org/setuid.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2165" + }, + { + "name": "20010102 gtk+ security hole.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0498.html" + }, + { + "name": "20010103 Claimed vulnerability in GTK_MODULES", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0027.html" + }, + { + "name": "http://www.gtk.org/setuid.html", + "refsource": "MISC", + "url": "http://www.gtk.org/setuid.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0237.json b/2001/0xxx/CVE-2001-0237.json index 1fca68a6b8f..832e6280bbf 100644 --- a/2001/0xxx/CVE-2001-0237.json +++ b/2001/0xxx/CVE-2001-0237.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010509 def-2001-24: Windows 2000 Kerberos DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98942093221908&w=2" - }, - { - "name" : "MS01-024", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-024" - }, - { - "name" : "L-079", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-079.shtml" - }, - { - "name" : "win2k-kerberos-dos(6506)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6506" - }, - { - "name" : "2707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-024", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-024" + }, + { + "name": "win2k-kerberos-dos(6506)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6506" + }, + { + "name": "20010509 def-2001-24: Windows 2000 Kerberos DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98942093221908&w=2" + }, + { + "name": "L-079", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-079.shtml" + }, + { + "name": "2707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2707" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0241.json b/2001/0xxx/CVE-2001-0241.json index c7559e5f40d..1aa7ef3e78e 100644 --- a/2001/0xxx/CVE-2001-0241.json +++ b/2001/0xxx/CVE-2001-0241.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98874912915948&w=2" - }, - { - "name" : "MS01-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023" - }, - { - "name" : "CA-2001-10", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-10.html" - }, - { - "name" : "2674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2674" - }, - { - "name" : "iis-isapi-printer-bo(6485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6485" - }, - { - "name" : "3323", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3323" - }, - { - "name" : "oval:org.mitre.oval:def:1068", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2674" + }, + { + "name": "oval:org.mitre.oval:def:1068", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1068" + }, + { + "name": "3323", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3323" + }, + { + "name": "iis-isapi-printer-bo(6485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6485" + }, + { + "name": "MS01-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023" + }, + { + "name": "CA-2001-10", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-10.html" + }, + { + "name": "20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98874912915948&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0264.json b/2001/0xxx/CVE-2001-0264.json index b8c10e2ef04..3551928f5d6 100644 --- a/2001/0xxx/CVE-2001-0264.json +++ b/2001/0xxx/CVE-2001-0264.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A040301-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2001/a040301-1.txt" - }, - { - "name" : "2534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2534" + }, + { + "name": "A040301-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2001/a040301-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0318.json b/2001/0xxx/CVE-2001-0318.json index a209b8ef397..2441376d805 100644 --- a/2001/0xxx/CVE-2001-0318.json +++ b/2001/0xxx/CVE-2001-0318.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010110 proftpd 1.2.0rc2 -- example of bad coding", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97916525715657&w=2" - }, - { - "name" : "20010206 Response to ProFTPD issues", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html" - }, - { - "name" : "MDKSA-2001:021", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3" - }, - { - "name" : "DSA-029", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-029" - }, - { - "name" : "CLA-2001:380", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380" - }, - { - "name" : "proftpd-format-string(6433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2001:021", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3" + }, + { + "name": "CLA-2001:380", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380" + }, + { + "name": "proftpd-format-string(6433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6433" + }, + { + "name": "20010110 proftpd 1.2.0rc2 -- example of bad coding", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97916525715657&w=2" + }, + { + "name": "20010206 Response to ProFTPD issues", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html" + }, + { + "name": "DSA-029", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-029" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0452.json b/2001/0xxx/CVE-2001-0452.json index d63d68618e6..eef3962c078 100644 --- a/2001/0xxx/CVE-2001-0452.json +++ b/2001/0xxx/CVE-2001-0452.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a \"CD *\" command followed by an ls command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010428 Vulnerabilities in BRS WebWeaver", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/180506" - }, - { - "name" : "http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html", - "refsource" : "CONFIRM", - "url" : "http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html" - }, - { - "name" : "2676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a \"CD *\" command followed by an ls command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html", + "refsource": "CONFIRM", + "url": "http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html" + }, + { + "name": "2676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2676" + }, + { + "name": "20010428 Vulnerabilities in BRS WebWeaver", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/180506" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0746.json b/2001/0xxx/CVE-2001-0746.json index 9dbddda7f91..9bebcafab89 100644 --- a/2001/0xxx/CVE-2001-0746.json +++ b/2001/0xxx/CVE-2001-0746.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010515 iPlanet - Netscape Enterprise Web Publisher Buffer Overflow ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0132.html" - }, - { - "name" : "http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html", - "refsource" : "CONFIRM", - "url" : "http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html" - }, - { - "name" : "netscape-enterprise-uri-bo(6554)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6554" - }, - { - "name" : "2732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20010515 iPlanet - Netscape Enterprise Web Publisher Buffer Overflow", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0132.html" + }, + { + "name": "2732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2732" + }, + { + "name": "http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html", + "refsource": "CONFIRM", + "url": "http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html" + }, + { + "name": "netscape-enterprise-uri-bo(6554)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6554" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1588.json b/2001/1xxx/CVE-2001-1588.json index fbaa9b33929..385d47ea7b2 100644 --- a/2001/1xxx/CVE-2001-1588.json +++ b/2001/1xxx/CVE-2001-1588.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1588", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1588", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1235.json b/2008/1xxx/CVE-2008-1235.json index 17fb33d4a4b..966ad6aa678 100644 --- a/2008/1xxx/CVE-2008-1235.json +++ b/2008/1xxx/CVE-2008-1235.json @@ -1,312 +1,312 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka \"Privilege escalation via incorrect principals.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-1235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080327 rPSA-2008-0128-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490196/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-14.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128" - }, - { - "name" : "DSA-1532", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1532" - }, - { - "name" : "DSA-1534", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1534" - }, - { - "name" : "DSA-1535", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1535" - }, - { - "name" : "DSA-1574", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1574" - }, - { - "name" : "FEDORA-2008-3519", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html" - }, - { - "name" : "FEDORA-2008-3557", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html" - }, - { - "name" : "GLSA-200805-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" - }, - { - "name" : "MDVSA-2008:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080" - }, - { - "name" : "MDVSA-2008:155", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" - }, - { - "name" : "RHSA-2008:0208", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0208.html" - }, - { - "name" : "RHSA-2008:0207", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0207.html" - }, - { - "name" : "RHSA-2008:0209", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0209.html" - }, - { - "name" : "SSA:2008-128-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313" - }, - { - "name" : "239546", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1" - }, - { - "name" : "238492", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" - }, - { - "name" : "SUSE-SA:2008:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html" - }, - { - "name" : "USN-592-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-592-1" - }, - { - "name" : "USN-605-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-605-1" - }, - { - "name" : "TA08-087A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-087A.html" - }, - { - "name" : "VU#466521", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/466521" - }, - { - "name" : "28448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28448" - }, - { - "name" : "oval:org.mitre.oval:def:10980", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10980" - }, - { - "name" : "ADV-2008-0999", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0999/references" - }, - { - "name" : "ADV-2008-0998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0998/references" - }, - { - "name" : "ADV-2008-2091", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2091/references" - }, - { - "name" : "ADV-2008-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1793/references" - }, - { - "name" : "1019694", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019694" - }, - { - "name" : "29391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29391" - }, - { - "name" : "29560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29560" - }, - { - "name" : "29548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29548" - }, - { - "name" : "29550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29550" - }, - { - "name" : "29539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29539" - }, - { - "name" : "29558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29558" - }, - { - "name" : "29616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29616" - }, - { - "name" : "29526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29526" - }, - { - "name" : "29541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29541" - }, - { - "name" : "29547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29547" - }, - { - "name" : "29645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29645" - }, - { - "name" : "29607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29607" - }, - { - "name" : "30016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30016" - }, - { - "name" : "30094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30094" - }, - { - "name" : "30327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30327" - }, - { - "name" : "30370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30370" - }, - { - "name" : "31043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31043" - }, - { - "name" : "30192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30192" - }, - { - "name" : "30620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30620" - }, - { - "name" : "30105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30105" - }, - { - "name" : "mozilla-principal-code-execution(41457)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka \"Privilege escalation via incorrect principals.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080327 rPSA-2008-0128-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:10980", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10980" + }, + { + "name": "29541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29541" + }, + { + "name": "29539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29539" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-14.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-14.html" + }, + { + "name": "ADV-2008-0999", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0999/references" + }, + { + "name": "30620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30620" + }, + { + "name": "29560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29560" + }, + { + "name": "DSA-1532", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1532" + }, + { + "name": "mozilla-principal-code-execution(41457)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41457" + }, + { + "name": "30327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30327" + }, + { + "name": "238492", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" + }, + { + "name": "USN-592-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-592-1" + }, + { + "name": "29616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29616" + }, + { + "name": "1019694", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019694" + }, + { + "name": "29550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29550" + }, + { + "name": "29645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29645" + }, + { + "name": "USN-605-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-605-1" + }, + { + "name": "29607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29607" + }, + { + "name": "239546", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1" + }, + { + "name": "MDVSA-2008:155", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" + }, + { + "name": "ADV-2008-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1793/references" + }, + { + "name": "DSA-1574", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1574" + }, + { + "name": "29558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29558" + }, + { + "name": "29548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29548" + }, + { + "name": "30370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30370" + }, + { + "name": "RHSA-2008:0208", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html" + }, + { + "name": "29526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29526" + }, + { + "name": "ADV-2008-2091", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2091/references" + }, + { + "name": "SUSE-SA:2008:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html" + }, + { + "name": "TA08-087A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html" + }, + { + "name": "29391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29391" + }, + { + "name": "30192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30192" + }, + { + "name": "VU#466521", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/466521" + }, + { + "name": "SSA:2008-128-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313" + }, + { + "name": "RHSA-2008:0209", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html" + }, + { + "name": "28448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28448" + }, + { + "name": "RHSA-2008:0207", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html" + }, + { + "name": "30016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30016" + }, + { + "name": "DSA-1534", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1534" + }, + { + "name": "FEDORA-2008-3519", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html" + }, + { + "name": "29547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29547" + }, + { + "name": "30105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30105" + }, + { + "name": "30094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30094" + }, + { + "name": "GLSA-200805-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128" + }, + { + "name": "31043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31043" + }, + { + "name": "FEDORA-2008-3557", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html" + }, + { + "name": "ADV-2008-0998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0998/references" + }, + { + "name": "DSA-1535", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1535" + }, + { + "name": "MDVSA-2008:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1342.json b/2008/1xxx/CVE-2008-1342.json index b22c6aa8f53..aed1cea840f 100644 --- a/2008/1xxx/CVE-2008-1342.json +++ b/2008/1xxx/CVE-2008-1342.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "29355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29355" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1383.json b/2008/1xxx/CVE-2008-1383.json index 16328438d5e..5ec2bd08304 100644 --- a/2008/1xxx/CVE-2008-1383.json +++ b/2008/1xxx/CVE-2008-1383.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=174759", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=174759" - }, - { - "name" : "GLSA-200803-30", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200803-30.xml" - }, - { - "name" : "28350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28350" - }, - { - "name" : "43479", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43479" - }, - { - "name" : "29436", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29436" - }, - { - "name" : "gentoo-docert-sslkey-weak-security(41336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29436", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29436" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=174759", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=174759" + }, + { + "name": "28350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28350" + }, + { + "name": "gentoo-docert-sslkey-weak-security(41336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41336" + }, + { + "name": "43479", + "refsource": "OSVDB", + "url": "http://osvdb.org/43479" + }, + { + "name": "GLSA-200803-30", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200803-30.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1434.json b/2008/1xxx/CVE-2008-1434.json index ba1c657722a..0fcdd7bc4cd 100644 --- a/2008/1xxx/CVE-2008-1434.json +++ b/2008/1xxx/CVE-2008-1434.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a \"memory handling error\" that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-1434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080513 Microsoft Word CSS Processing Memory Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700" - }, - { - "name" : "HPSBST02336", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" - }, - { - "name" : "SSRT080071", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" - }, - { - "name" : "MS08-026", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026" - }, - { - "name" : "TA08-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-134A.html" - }, - { - "name" : "29105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29105" - }, - { - "name" : "oval:org.mitre.oval:def:5012", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5012" - }, - { - "name" : "ADV-2008-1504", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1504/references" - }, - { - "name" : "1020014", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020014" - }, - { - "name" : "30143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a \"memory handling error\" that triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020014", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020014" + }, + { + "name": "MS08-026", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026" + }, + { + "name": "ADV-2008-1504", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1504/references" + }, + { + "name": "20080513 Microsoft Word CSS Processing Memory Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700" + }, + { + "name": "SSRT080071", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2" + }, + { + "name": "30143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30143" + }, + { + "name": "TA08-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html" + }, + { + "name": "29105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29105" + }, + { + "name": "HPSBST02336", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2" + }, + { + "name": "oval:org.mitre.oval:def:5012", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5012" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1898.json b/2008/1xxx/CVE-2008-1898.json index 15d3ee6a4bb..f4b8c1045e3 100644 --- a/2008/1xxx/CVE-2008-1898.json +++ b/2008/1xxx/CVE-2008-1898.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080417 Microsoft Works 7 WkImgSrv.dll crash POC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491027/100/0/threaded" - }, - { - "name" : "20080502 Microsoft Work ActiveX Insecure Method Exploit", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0029.html" - }, - { - "name" : "5460", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5460" - }, - { - "name" : "5530", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5530" - }, - { - "name" : "http://blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx" - }, - { - "name" : "28820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28820" - }, - { - "name" : "microsoft-works-wkimgsrv-dos(41876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx" + }, + { + "name": "5530", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5530" + }, + { + "name": "28820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28820" + }, + { + "name": "20080502 Microsoft Work ActiveX Insecure Method Exploit", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0029.html" + }, + { + "name": "20080417 Microsoft Works 7 WkImgSrv.dll crash POC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491027/100/0/threaded" + }, + { + "name": "5460", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5460" + }, + { + "name": "microsoft-works-wkimgsrv-dos(41876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41876" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5008.json b/2008/5xxx/CVE-2008-5008.json index 97aade4db4f..5f05a04cdaa 100644 --- a/2008/5xxx/CVE-2008-5008.json +++ b/2008/5xxx/CVE-2008-5008.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when \"extreme low conversion ratios\" are used, allows user-assisted attackers to have an unknown impact via a crafted audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081103 CVE Request (libsamplerate)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/03/6" - }, - { - "name" : "http://www.mega-nerd.com/SRC/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.mega-nerd.com/SRC/ChangeLog" - }, - { - "name" : "GLSA-200812-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-05.xml" - }, - { - "name" : "MDVSA-2008:238", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:238" - }, - { - "name" : "32090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32090" - }, - { - "name" : "secretrabbitcode-srcsinc-bo(46542)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when \"extreme low conversion ratios\" are used, allows user-assisted attackers to have an unknown impact via a crafted audio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20081103 CVE Request (libsamplerate)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/03/6" + }, + { + "name": "secretrabbitcode-srcsinc-bo(46542)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46542" + }, + { + "name": "GLSA-200812-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-05.xml" + }, + { + "name": "http://www.mega-nerd.com/SRC/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.mega-nerd.com/SRC/ChangeLog" + }, + { + "name": "32090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32090" + }, + { + "name": "MDVSA-2008:238", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:238" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5316.json b/2008/5xxx/CVE-2008-5316.json index 66d4f252123..a26aaf9d320 100644 --- a/2008/5xxx/CVE-2008-5316.json +++ b/2008/5xxx/CVE-2008-5316.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of \"the input file,\" a different vulnerability than CVE-2007-2741." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081128 CVE request: lcms (old issues)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/28/3" - }, - { - "name" : "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33&r2=1.34", - "refsource" : "CONFIRM", - "url" : "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33&r2=1.34" - }, - { - "name" : "DSA-1684", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1684" - }, - { - "name" : "RHSA-2009:0011", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0011.html" - }, - { - "name" : "32708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32708" - }, - { - "name" : "oval:org.mitre.oval:def:10531", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10531" - }, - { - "name" : "33066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33066" - }, - { - "name" : "lcms-readembeddedtexttag-bo(47119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of \"the input file,\" a different vulnerability than CVE-2007-2741." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33&r2=1.34", + "refsource": "CONFIRM", + "url": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33&r2=1.34" + }, + { + "name": "32708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32708" + }, + { + "name": "33066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33066" + }, + { + "name": "DSA-1684", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1684" + }, + { + "name": "oval:org.mitre.oval:def:10531", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10531" + }, + { + "name": "[oss-security] 20081128 CVE request: lcms (old issues)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/28/3" + }, + { + "name": "RHSA-2009:0011", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0011.html" + }, + { + "name": "lcms-readembeddedtexttag-bo(47119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47119" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5471.json b/2008/5xxx/CVE-2008-5471.json index 88659acb973..25572951a21 100644 --- a/2008/5xxx/CVE-2008-5471.json +++ b/2008/5xxx/CVE-2008-5471.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5471", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-5471", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5941.json b/2008/5xxx/CVE-2008-5941.json index 98a4654276d..b8e49a41822 100644 --- a/2008/5xxx/CVE-2008-5941.json +++ b/2008/5xxx/CVE-2008-5941.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt" - }, - { - "name" : "JVN#66828183", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN66828183/index.html" - }, - { - "name" : "JVNDB-2009-000004", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000004.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#66828183", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN66828183/index.html" + }, + { + "name": "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt", + "refsource": "CONFIRM", + "url": "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt" + }, + { + "name": "JVNDB-2009-000004", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000004.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2195.json b/2011/2xxx/CVE-2011-2195.json index 91fd5a038a4..ad64657f8d4 100644 --- a/2011/2xxx/CVE-2011-2195.json +++ b/2011/2xxx/CVE-2011-2195.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2195", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2195", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2628.json b/2011/2xxx/CVE-2011-2628.json index 41f68a21c5d..b9f3b71309b 100644 --- a/2011/2xxx/CVE-2011-2628.json +++ b/2011/2xxx/CVE-2011-2628.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1111/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1111/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1111/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1111/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1111/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1111/" - }, - { - "name" : "http://www.opera.com/support/kb/view/992/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/992/" - }, - { - "name" : "8425", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/unix/1111/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1111/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1111/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1111/" + }, + { + "name": "http://www.opera.com/support/kb/view/992/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/992/" + }, + { + "name": "8425", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8425" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1111/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1111/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2764.json b/2011/2xxx/CVE-2011-2764.json index d616a10739e..e9c1da0d313 100644 --- a/2011/2xxx/CVE-2011-2764.json +++ b/2011/2xxx/CVE-2011-2764.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110728 Two security issues fixed in ioQuake3 engine", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519051/100/0/threaded" - }, - { - "name" : "20110728 Two security issues fixed in ioQuake3 engine", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html" - }, - { - "name" : "http://svn.icculus.org/quake3?view=rev&revision=2098", - "refsource" : "CONFIRM", - "url" : "http://svn.icculus.org/quake3?view=rev&revision=2098" - }, - { - "name" : "http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff", - "refsource" : "CONFIRM", - "url" : "http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=725951", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=725951" - }, - { - "name" : "FEDORA-2011-9898", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html" - }, - { - "name" : "GLSA-201706-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-23" - }, - { - "name" : "48915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48915" - }, - { - "name" : "45539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45539" - }, - { - "name" : "45540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45540" - }, - { - "name" : "8324", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8324" - }, - { - "name" : "ioquake-gamecode-code-execution(68870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110728 Two security issues fixed in ioQuake3 engine", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html" + }, + { + "name": "http://svn.icculus.org/quake3?view=rev&revision=2098", + "refsource": "CONFIRM", + "url": "http://svn.icculus.org/quake3?view=rev&revision=2098" + }, + { + "name": "45540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45540" + }, + { + "name": "ioquake-gamecode-code-execution(68870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68870" + }, + { + "name": "45539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45539" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=725951", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725951" + }, + { + "name": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff", + "refsource": "CONFIRM", + "url": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff" + }, + { + "name": "48915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48915" + }, + { + "name": "20110728 Two security issues fixed in ioQuake3 engine", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519051/100/0/threaded" + }, + { + "name": "8324", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8324" + }, + { + "name": "GLSA-201706-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-23" + }, + { + "name": "FEDORA-2011-9898", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0552.json b/2013/0xxx/CVE-2013-0552.json index cc79b061e9e..43c22f82987 100644 --- a/2013/0xxx/CVE-2013-0552.json +++ b/2013/0xxx/CVE-2013-0552.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0552", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0552", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0820.json b/2013/0xxx/CVE-2013-0820.json index b42ddbaf363..2be3cdcada7 100644 --- a/2013/0xxx/CVE-2013-0820.json +++ b/2013/0xxx/CVE-2013-0820.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0820", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0820", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0851.json b/2013/0xxx/CVE-2013-0851.json index 7e33288a50d..6b2147ea56d 100644 --- a/2013/0xxx/CVE-2013-0851.json +++ b/2013/0xxx/CVE-2013-0851.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1140.json b/2013/1xxx/CVE-2013-1140.json index c705d37c86e..4b2d8bb23e1 100644 --- a/2013/1xxx/CVE-2013-1140.json +++ b/2013/1xxx/CVE-2013-1140.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130304 Cisco MARS Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130304 Cisco MARS Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1331.json b/2013/1xxx/CVE-2013-1331.json index 7caffa06397..8d9c17cb777 100644 --- a/2013/1xxx/CVE-2013-1331.json +++ b/2013/1xxx/CVE-2013-1331.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka \"Office Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-051" - }, - { - "name" : "TA13-168A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A" - }, - { - "name" : "oval:org.mitre.oval:def:16713", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16713" - }, - { - "name" : "oval:org.mitre.oval:def:16732", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka \"Office Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16713", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16713" + }, + { + "name": "TA13-168A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A" + }, + { + "name": "oval:org.mitre.oval:def:16732", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16732" + }, + { + "name": "MS13-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-051" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1630.json b/2013/1xxx/CVE-2013-1630.json index ca99aeb5945..014bb41b8f9 100644 --- a/2013/1xxx/CVE-2013-1630.json +++ b/2013/1xxx/CVE-2013-1630.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/", - "refsource" : "MISC", - "url" : "http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/" - }, - { - "name" : "https://github.com/mardiros/pyshop/blob/master/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/mardiros/pyshop/blob/master/CHANGES.txt" - }, - { - "name" : "https://github.com/mardiros/pyshop/commit/ffadb0bcdef1e385884571670210cfd6ba351784", - "refsource" : "CONFIRM", - "url" : "https://github.com/mardiros/pyshop/commit/ffadb0bcdef1e385884571670210cfd6ba351784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mardiros/pyshop/commit/ffadb0bcdef1e385884571670210cfd6ba351784", + "refsource": "CONFIRM", + "url": "https://github.com/mardiros/pyshop/commit/ffadb0bcdef1e385884571670210cfd6ba351784" + }, + { + "name": "https://github.com/mardiros/pyshop/blob/master/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/mardiros/pyshop/blob/master/CHANGES.txt" + }, + { + "name": "http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/", + "refsource": "MISC", + "url": "http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1644.json b/2013/1xxx/CVE-2013-1644.json index 933eab818e8..0a7a1af0926 100644 --- a/2013/1xxx/CVE-2013-1644.json +++ b/2013/1xxx/CVE-2013-1644.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1644", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1644", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1925.json b/2013/1xxx/CVE-2013-1925.json index 0b84cf27e10..34a9f50d09e 100644 --- a/2013/1xxx/CVE-2013-1925.json +++ b/2013/1xxx/CVE-2013-1925.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the \"access content\" permission to read restricted node titles via an autocomplete list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Apr/8" - }, - { - "name" : "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html" - }, - { - "name" : "https://drupal.org/node/1960406", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1960406" - }, - { - "name" : "https://drupal.org/node/1960424", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1960424" - }, - { - "name" : "91986", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/91986" - }, - { - "name" : "drupal-chaostool-node-security-bypass(83254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the \"access content\" permission to read restricted node titles via an autocomplete list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121072/Drupal-Chaos-Tool-Suite-7.x-Access-Bypass.html" + }, + { + "name": "https://drupal.org/node/1960406", + "refsource": "MISC", + "url": "https://drupal.org/node/1960406" + }, + { + "name": "91986", + "refsource": "OSVDB", + "url": "http://osvdb.org/91986" + }, + { + "name": "drupal-chaostool-node-security-bypass(83254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83254" + }, + { + "name": "https://drupal.org/node/1960424", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1960424" + }, + { + "name": "20130403 [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Apr/8" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3450.json b/2013/3xxx/CVE-2013-3450.json index e8e91a53cae..12d94a6097b 100644 --- a/2013/3xxx/CVE-2013-3450.json +++ b/2013/3xxx/CVE-2013-3450.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-3450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130802 Cisco Unified Communications Manager User Web Dialer Vulnerable to CSRF Attack", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130802 Cisco Unified Communications Manager User Web Dialer Vulnerable to CSRF Attack", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3450" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4482.json b/2013/4xxx/CVE-2013-4482.json index 7c0c6191dcb..a6eaf30685a 100644 --- a/2013/4xxx/CVE-2013-4482.json +++ b/2013/4xxx/CVE-2013-4482.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=990321", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=990321" - }, - { - "name" : "RHSA-2013:1603", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1603.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1603", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=990321", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=990321" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4846.json b/2013/4xxx/CVE-2013-4846.json index 8e30bb7d4bf..4f29077d725 100644 --- a/2013/4xxx/CVE-2013-4846.json +++ b/2013/4xxx/CVE-2013-4846.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02947", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138" - }, - { - "name" : "SSRT101285", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101285", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138" + }, + { + "name": "HPSBMU02947", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12384.json b/2017/12xxx/CVE-2017-12384.json index a6ed7214442..4b0393fdf63 100644 --- a/2017/12xxx/CVE-2017-12384.json +++ b/2017/12xxx/CVE-2017-12384.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12384", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12384", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12385.json b/2017/12xxx/CVE-2017-12385.json index 615bb73059e..8d915977cfc 100644 --- a/2017/12xxx/CVE-2017-12385.json +++ b/2017/12xxx/CVE-2017-12385.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12385", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12385", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12462.json b/2017/12xxx/CVE-2017-12462.json index 22e9b9dc14c..708cb154fa9 100644 --- a/2017/12xxx/CVE-2017-12462.json +++ b/2017/12xxx/CVE-2017-12462.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12462", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12462", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12906.json b/2017/12xxx/CVE-2017-12906.json index fe7c6da9bcd..969722790f9 100644 --- a/2017/12xxx/CVE-2017-12906.json +++ b/2017/12xxx/CVE-2017-12906.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://loid.online/cve/cve.txt", - "refsource" : "MISC", - "url" : "http://loid.online/cve/cve.txt" - }, - { - "name" : "http://www.sstrunk.com/cve/confirm_resend.html", - "refsource" : "MISC", - "url" : "http://www.sstrunk.com/cve/confirm_resend.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://loid.online/cve/cve.txt", + "refsource": "MISC", + "url": "http://loid.online/cve/cve.txt" + }, + { + "name": "http://www.sstrunk.com/cve/confirm_resend.html", + "refsource": "MISC", + "url": "http://www.sstrunk.com/cve/confirm_resend.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13150.json b/2017/13xxx/CVE-2017-13150.json index 1aa06e9251a..3c93982fc53 100644 --- a/2017/13xxx/CVE-2017-13150.json +++ b/2017/13xxx/CVE-2017-13150.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-13150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-13150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13172.json b/2017/13xxx/CVE-2017-13172.json index 2d82db8d8fa..5c4fd9dd6b3 100644 --- a/2017/13xxx/CVE-2017-13172.json +++ b/2017/13xxx/CVE-2017-13172.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-13172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-13172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13743.json b/2017/13xxx/CVE-2017-13743.json index a32c1ebd489..a7ac7239d79 100644 --- a/2017/13xxx/CVE-2017-13743.json +++ b/2017/13xxx/CVE-2017-13743.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484335", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484335" - }, - { - "name" : "RHSA-2017:3111", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3111" - }, - { - "name" : "100607", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100607", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100607" + }, + { + "name": "RHSA-2017:3111", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3111" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484335", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484335" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16149.json b/2017/16xxx/CVE-2017-16149.json index 2df52537824..ea7e3ef7f83 100644 --- a/2017/16xxx/CVE-2017-16149.json +++ b/2017/16xxx/CVE-2017-16149.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "zwserver node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zwserver node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/zwserver", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/zwserver" - }, - { - "name" : "https://nodesecurity.io/advisories/372", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/372", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/372" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/zwserver", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/zwserver" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16480.json b/2017/16xxx/CVE-2017-16480.json index 7ea038fe57a..fa762cfbe0a 100644 --- a/2017/16xxx/CVE-2017-16480.json +++ b/2017/16xxx/CVE-2017-16480.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16480", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16480", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16508.json b/2017/16xxx/CVE-2017-16508.json index 8ec8ab0493d..b978c419f3e 100644 --- a/2017/16xxx/CVE-2017-16508.json +++ b/2017/16xxx/CVE-2017-16508.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16508", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16508", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16937.json b/2017/16xxx/CVE-2017-16937.json index ad1bca77920..c4681650eab 100644 --- a/2017/16xxx/CVE-2017-16937.json +++ b/2017/16xxx/CVE-2017-16937.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17113.json b/2017/17xxx/CVE-2017-17113.json index 425d742e734..d86a6945545 100644 --- a/2017/17xxx/CVE-2017-17113.json +++ b/2017/17xxx/CVE-2017-17113.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Null_Pointer_Dereference_1", - "refsource" : "MISC", - "url" : "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Null_Pointer_Dereference_1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Null_Pointer_Dereference_1", + "refsource": "MISC", + "url": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Null_Pointer_Dereference_1" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17734.json b/2017/17xxx/CVE-2017-17734.json index 0f771d87ba1..82c6918a413 100644 --- a/2017/17xxx/CVE-2017-17734.json +++ b/2017/17xxx/CVE-2017-17734.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737", - "refsource" : "CONFIRM", - "url" : "https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737" - }, - { - "name" : "https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa", - "refsource" : "CONFIRM", - "url" : "https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737", + "refsource": "CONFIRM", + "url": "https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=77737" + }, + { + "name": "https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa", + "refsource": "CONFIRM", + "url": "https://www.cmsmadesimple.org/2017/12/Announcing-CMSMS-v2.2.5-Wawa" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4189.json b/2017/4xxx/CVE-2017-4189.json index 4225eae8b23..82680dd70ca 100644 --- a/2017/4xxx/CVE-2017-4189.json +++ b/2017/4xxx/CVE-2017-4189.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4189", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4189", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4442.json b/2017/4xxx/CVE-2017-4442.json index 6a876404ac2..732c7bd3d2c 100644 --- a/2017/4xxx/CVE-2017-4442.json +++ b/2017/4xxx/CVE-2017-4442.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4442", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4442", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4678.json b/2017/4xxx/CVE-2017-4678.json index b7830ecd86e..2d64b769182 100644 --- a/2017/4xxx/CVE-2017-4678.json +++ b/2017/4xxx/CVE-2017-4678.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4678", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4678", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18153.json b/2018/18xxx/CVE-2018-18153.json index 88b6381dc29..08ed76072a7 100644 --- a/2018/18xxx/CVE-2018-18153.json +++ b/2018/18xxx/CVE-2018-18153.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18153", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18153", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18441.json b/2018/18xxx/CVE-2018-18441.json index 06fab2cc314..3eff5637819 100644 --- a/2018/18xxx/CVE-2018-18441.json +++ b/2018/18xxx/CVE-2018-18441.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: /common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/", - "refsource" : "MISC", - "url" : "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. The affected devices include many of DCS series, such as: DCS-936L, DCS-942L, DCS-8000LH, DCS-942LB1, DCS-5222L, DCS-825L, DCS-2630L, DCS-820L, DCS-855L, DCS-2121, DCS-5222LB1, DCS-5020L, and many more. There are many affected firmware versions starting from 1.00 and above. The configuration file can be accessed remotely through: /common/info.cgi, with no authentication. The configuration file include the following fields: model, product, brand, version, build, hw_version, nipca version, device name, location, MAC address, IP address, gateway IP address, wireless status, input/output settings, speaker, and sensor settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/", + "refsource": "MISC", + "url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/i-got-my-eyeon-you-security-vulnerabilities-in-baby-monitor/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18566.json b/2018/18xxx/CVE-2018-18566.json index dbbdaa47ac8..9004f976c8b 100644 --- a/2018/18xxx/CVE-2018-18566.json +++ b/2018/18xxx/CVE-2018-18566.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181023 [SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566", - "refsource" : "BUGTRAQ", - "url" : "https://seclists.org/bugtraq/2018/Oct/33" - }, - { - "name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt", - "refsource" : "MISC", - "url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt" - }, - { - "name" : "105746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt", + "refsource": "MISC", + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-028.txt" + }, + { + "name": "105746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105746" + }, + { + "name": "20181023 [SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566", + "refsource": "BUGTRAQ", + "url": "https://seclists.org/bugtraq/2018/Oct/33" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18691.json b/2018/18xxx/CVE-2018-18691.json index a43aa0f42c2..6a35c1acb47 100644 --- a/2018/18xxx/CVE-2018-18691.json +++ b/2018/18xxx/CVE-2018-18691.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18691", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18691", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1738.json b/2018/1xxx/CVE-2018-1738.json index ca1acc7cdd7..539999f28b8 100644 --- a/2018/1xxx/CVE-2018-1738.json +++ b/2018/1xxx/CVE-2018-1738.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-04T00:00:00", - "ID" : "CVE-2018-1738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.6" - }, - { - "version_value" : "2.7" - }, - { - "version_value" : "3.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "H", - "I" : "L", - "PR" : "L", - "S" : "U", - "SCORE" : "7.100", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-04T00:00:00", + "ID": "CVE-2018-1738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.6" + }, + { + "version_value": "2.7" + }, + { + "version_value": "3.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733309", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733309" - }, - { - "name" : "ibm-tivoli-cve20181738-improper-auth(147907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "H", + "I": "L", + "PR": "L", + "S": "U", + "SCORE": "7.100", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10733309", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10733309" + }, + { + "name": "ibm-tivoli-cve20181738-improper-auth(147907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147907" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1876.json b/2018/1xxx/CVE-2018-1876.json index 54a82962ab0..abf27b53ac9 100644 --- a/2018/1xxx/CVE-2018-1876.json +++ b/2018/1xxx/CVE-2018-1876.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-30T00:00:00", - "ID" : "CVE-2018-1876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Robotic Process Automation with Automation Anywhere", - "version" : { - "version_data" : [ - { - "version_value" : "11" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "6.200", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-30T00:00:00", + "ID": "CVE-2018-1876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Robotic Process Automation with Automation Anywhere", + "version": { + "version_data": [ + { + "version_value": "11" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10735967", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10735967" - }, - { - "name" : "ibm-rpa-cve20181876-info-disc(151707)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. IBM X-Force ID: 151707." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "L", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "6.200", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10735967", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10735967" + }, + { + "name": "ibm-rpa-cve20181876-info-disc(151707)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151707" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5033.json b/2018/5xxx/CVE-2018-5033.json index e48a4aaa783..568392bf256 100644 --- a/2018/5xxx/CVE-2018-5033.json +++ b/2018/5xxx/CVE-2018-5033.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5116.json b/2018/5xxx/CVE-2018-5116.json index 86c45a533f1..ec3a1a2a51d 100644 --- a/2018/5xxx/CVE-2018-5116.json +++ b/2018/5xxx/CVE-2018-5116.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "58" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebExtensions with the \"ActiveTab\" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "WebExtension ActiveTab permission allows cross-origin frame content access" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "58" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1396399", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1396399" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/" - }, - { - "name" : "USN-3544-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3544-1/" - }, - { - "name" : "102786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102786" - }, - { - "name" : "1040270", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebExtensions with the \"ActiveTab\" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "WebExtension ActiveTab permission allows cross-origin frame content access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040270", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040270" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1396399", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1396399" + }, + { + "name": "USN-3544-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3544-1/" + }, + { + "name": "102786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102786" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-02/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5373.json b/2018/5xxx/CVE-2018-5373.json index 7bd1b561d1d..12b030997ce 100644 --- a/2018/5xxx/CVE-2018-5373.json +++ b/2018/5xxx/CVE-2018-5373.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.defensecode.com/advisories/DC-2018-01-004_WordPress_Smooth_Slider_Plugin_Advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.defensecode.com/advisories/DC-2018-01-004_WordPress_Smooth_Slider_Plugin_Advisory.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.defensecode.com/advisories/DC-2018-01-004_WordPress_Smooth_Slider_Plugin_Advisory.pdf", + "refsource": "MISC", + "url": "http://www.defensecode.com/advisories/DC-2018-01-004_WordPress_Smooth_Slider_Plugin_Advisory.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5924.json b/2018/5xxx/CVE-2018-5924.json index 5210ab7a651..9913cc5369d 100644 --- a/2018/5xxx/CVE-2018-5924.json +++ b/2018/5xxx/CVE-2018-5924.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "hp-security-alert@hp.com", - "DATE_PUBLIC" : "2018-08-01T00:00:00", - "ID" : "CVE-2018-5924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HP inkjet printers", - "version" : { - "version_data" : [ - { - "version_value" : "Various (see reference)" - } - ] - } - } - ] - }, - "vendor_name" : "HP Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "DATE_PUBLIC": "2018-08-01T00:00:00", + "ID": "CVE-2018-5924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HP inkjet printers", + "version": { + "version_data": [ + { + "version_value": "Various (see reference)" + } + ] + } + } + ] + }, + "vendor_name": "HP Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/", - "refsource" : "MISC", - "url" : "https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/" - }, - { - "name" : "HPSBHF03589", - "refsource" : "HP", - "url" : "https://support.hp.com/us-en/document/c06097712" - }, - { - "name" : "105010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105010" - }, - { - "name" : "1041415", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105010" + }, + { + "name": "1041415", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041415" + }, + { + "name": "https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/", + "refsource": "MISC", + "url": "https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/" + }, + { + "name": "HPSBHF03589", + "refsource": "HP", + "url": "https://support.hp.com/us-en/document/c06097712" + } + ] + } +} \ No newline at end of file