From 0734c7c8c2a1091791f7b3a1b029ddc0113dd182 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:32:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0026.json | 170 +++++++++++++------------- 2001/0xxx/CVE-2001-0104.json | 140 +++++++++++----------- 2001/0xxx/CVE-2001-0467.json | 150 +++++++++++------------ 2001/0xxx/CVE-2001-0656.json | 34 +++--- 2008/1xxx/CVE-2008-1153.json | 200 +++++++++++++++---------------- 2008/1xxx/CVE-2008-1253.json | 160 ++++++++++++------------- 2008/1xxx/CVE-2008-1452.json | 34 +++--- 2008/1xxx/CVE-2008-1476.json | 180 ++++++++++++++-------------- 2008/1xxx/CVE-2008-1857.json | 160 ++++++++++++------------- 2008/1xxx/CVE-2008-1900.json | 130 ++++++++++---------- 2008/5xxx/CVE-2008-5162.json | 160 ++++++++++++------------- 2008/5xxx/CVE-2008-5331.json | 140 +++++++++++----------- 2008/5xxx/CVE-2008-5614.json | 34 +++--- 2008/5xxx/CVE-2008-5822.json | 140 +++++++++++----------- 2011/2xxx/CVE-2011-2544.json | 190 ++++++++++++++--------------- 2013/0xxx/CVE-2013-0172.json | 120 +++++++++---------- 2013/0xxx/CVE-2013-0705.json | 140 +++++++++++----------- 2013/1xxx/CVE-2013-1375.json | 170 +++++++++++++------------- 2013/1xxx/CVE-2013-1399.json | 120 +++++++++---------- 2013/1xxx/CVE-2013-1479.json | 190 ++++++++++++++--------------- 2013/1xxx/CVE-2013-1757.json | 34 +++--- 2013/3xxx/CVE-2013-3200.json | 140 +++++++++++----------- 2013/3xxx/CVE-2013-3529.json | 190 ++++++++++++++--------------- 2013/4xxx/CVE-2013-4544.json | 200 +++++++++++++++---------------- 2013/4xxx/CVE-2013-4730.json | 150 +++++++++++------------ 2013/4xxx/CVE-2013-4836.json | 130 ++++++++++---------- 2013/4xxx/CVE-2013-4870.json | 130 ++++++++++---------- 2017/12xxx/CVE-2017-12174.json | 212 ++++++++++++++++----------------- 2017/12xxx/CVE-2017-12391.json | 34 +++--- 2017/12xxx/CVE-2017-12408.json | 34 +++--- 2017/12xxx/CVE-2017-12505.json | 142 +++++++++++----------- 2017/12xxx/CVE-2017-12907.json | 120 +++++++++---------- 2017/12xxx/CVE-2017-12967.json | 140 +++++++++++----------- 2017/13xxx/CVE-2017-13007.json | 180 ++++++++++++++-------------- 2017/13xxx/CVE-2017-13424.json | 34 +++--- 2017/13xxx/CVE-2017-13650.json | 34 +++--- 2017/13xxx/CVE-2017-13926.json | 34 +++--- 2017/16xxx/CVE-2017-16311.json | 34 +++--- 2017/16xxx/CVE-2017-16329.json | 34 +++--- 2017/16xxx/CVE-2017-16768.json | 120 +++++++++---------- 2017/17xxx/CVE-2017-17026.json | 34 +++--- 2017/4xxx/CVE-2017-4474.json | 34 +++--- 2017/4xxx/CVE-2017-4956.json | 34 +++--- 2018/18xxx/CVE-2018-18666.json | 140 +++++++++++----------- 2018/18xxx/CVE-2018-18992.json | 132 ++++++++++---------- 2018/1xxx/CVE-2018-1002.json | 34 +++--- 2018/1xxx/CVE-2018-1206.json | 140 +++++++++++----------- 2018/1xxx/CVE-2018-1853.json | 34 +++--- 2018/1xxx/CVE-2018-1906.json | 34 +++--- 2018/5xxx/CVE-2018-5075.json | 120 +++++++++---------- 2018/5xxx/CVE-2018-5233.json | 130 ++++++++++---------- 2018/5xxx/CVE-2018-5341.json | 130 ++++++++++---------- 2018/5xxx/CVE-2018-5650.json | 120 +++++++++---------- 53 files changed, 3002 insertions(+), 3002 deletions(-) diff --git a/2001/0xxx/CVE-2001-0026.json b/2001/0xxx/CVE-2001-0026.json index bb778014d27..89720d38647 100644 --- a/2001/0xxx/CVE-2001-0026.json +++ b/2001/0xxx/CVE-2001-0026.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001211 DoS vulnerability in rp-pppoe versions <= 2.4", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html" - }, - { - "name" : "CLA-2000:357", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357" - }, - { - "name" : "MDKSA-2000:084", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3" - }, - { - "name" : "RHSA-2000:130", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2000-130.html" - }, - { - "name" : "2098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2098" - }, - { - "name" : "rppppoe-zero-length-dos(5727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2000:357", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357" + }, + { + "name": "MDKSA-2000:084", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3" + }, + { + "name": "RHSA-2000:130", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2000-130.html" + }, + { + "name": "20001211 DoS vulnerability in rp-pppoe versions <= 2.4", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html" + }, + { + "name": "2098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2098" + }, + { + "name": "rppppoe-zero-length-dos(5727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5727" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0104.json b/2001/0xxx/CVE-2001-0104.json index cde7ae2eef2..15e870e8ad6 100644 --- a/2001/0xxx/CVE-2001-0104.json +++ b/2001/0xxx/CVE-2001-0104.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MDaemon Pro 3.5.1 and earlier allows local users to bypass the \"lock server\" security setting by pressing the Cancel button at the password prompt, then pressing the enter key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001214 Bypass MDaemon 3.5.1 \"Lock Server\" Protection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/151156" - }, - { - "name" : "2115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2115" - }, - { - "name" : "mdaemon-lock-bypass-password(5763)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MDaemon Pro 3.5.1 and earlier allows local users to bypass the \"lock server\" security setting by pressing the Cancel button at the password prompt, then pressing the enter key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mdaemon-lock-bypass-password(5763)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5763" + }, + { + "name": "2115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2115" + }, + { + "name": "20001214 Bypass MDaemon 3.5.1 \"Lock Server\" Protection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/151156" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0467.json b/2001/0xxx/CVE-2001-0467.json index 9c790bea85c..59e418c1886 100644 --- a/2001/0xxx/CVE-2001-0467.json +++ b/2001/0xxx/CVE-2001-0467.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \\... (modified dot dot) in an HTTP URL request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010423 Vulnerability in Viking Web Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/178935" - }, - { - "name" : "http://www.robtex.com/files/viking/beta/chglog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.robtex.com/files/viking/beta/chglog.txt" - }, - { - "name" : "2643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2643" - }, - { - "name" : "viking-dot-directory-traversal(6450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \\... (modified dot dot) in an HTTP URL request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2643" + }, + { + "name": "viking-dot-directory-traversal(6450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6450" + }, + { + "name": "20010423 Vulnerability in Viking Web Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/178935" + }, + { + "name": "http://www.robtex.com/files/viking/beta/chglog.txt", + "refsource": "CONFIRM", + "url": "http://www.robtex.com/files/viking/beta/chglog.txt" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0656.json b/2001/0xxx/CVE-2001-0656.json index 91b5678415f..746874e1a7f 100644 --- a/2001/0xxx/CVE-2001-0656.json +++ b/2001/0xxx/CVE-2001-0656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0656", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2001-0656", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1153.json b/2008/1xxx/CVE-2008-1153.json index 6421cce7e4d..51ce6134646 100644 --- a/2008/1xxx/CVE-2008-1153.json +++ b/2008/1xxx/CVE-2008-1153.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-1153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080326 Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml" - }, - { - "name" : "TA08-087B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-087B.html" - }, - { - "name" : "VU#936177", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/936177" - }, - { - "name" : "28461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28461" - }, - { - "name" : "oval:org.mitre.oval:def:5860", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5860" - }, - { - "name" : "ADV-2008-1006", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1006/references" - }, - { - "name" : "1019713", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019713" - }, - { - "name" : "29507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29507" - }, - { - "name" : "cisco-ios-ipv6-dualstack-dos(41475)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1006", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1006/references" + }, + { + "name": "oval:org.mitre.oval:def:5860", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5860" + }, + { + "name": "cisco-ios-ipv6-dualstack-dos(41475)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41475" + }, + { + "name": "28461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28461" + }, + { + "name": "TA08-087B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-087B.html" + }, + { + "name": "1019713", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019713" + }, + { + "name": "VU#936177", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/936177" + }, + { + "name": "20080326 Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml" + }, + { + "name": "29507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29507" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1253.json b/2008/1xxx/CVE-2008-1253.json index 942807c3bc9..f97aabd8441 100644 --- a/2008/1xxx/CVE-2008-1253.json +++ b/2008/1xxx/CVE-2008-1253.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "28439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28439" - }, - { - "name" : "29530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29530" - }, - { - "name" : "dlinkdslg604t-cgibinwebcm-xss(41117)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "28439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28439" + }, + { + "name": "29530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29530" + }, + { + "name": "dlinkdslg604t-cgibinwebcm-xss(41117)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41117" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1452.json b/2008/1xxx/CVE-2008-1452.json index 0795f8e994c..b85d351fda6 100644 --- a/2008/1xxx/CVE-2008-1452.json +++ b/2008/1xxx/CVE-2008-1452.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1452", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-1452", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1476.json b/2008/1xxx/CVE-2008-1476.json index 9ecec6c102d..672412581ff 100644 --- a/2008/1xxx/CVE-2008-1476.json +++ b/2008/1xxx/CVE-2008-1476.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html", - "refsource" : "CONFIRM", - "url" : "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html" - }, - { - "name" : "DSA-1528", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1528" - }, - { - "name" : "28298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28298" - }, - { - "name" : "ADV-2008-0925", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0925/references" - }, - { - "name" : "29398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29398" - }, - { - "name" : "29502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29502" - }, - { - "name" : "serendipity-trackbacks-data-xss(41343)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "serendipity-trackbacks-data-xss(41343)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343" + }, + { + "name": "29398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29398" + }, + { + "name": "DSA-1528", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1528" + }, + { + "name": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html", + "refsource": "CONFIRM", + "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html" + }, + { + "name": "28298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28298" + }, + { + "name": "ADV-2008-0925", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0925/references" + }, + { + "name": "29502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29502" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1857.json b/2008/1xxx/CVE-2008-1857.json index 764d8cedc27..7d65b63ed78 100644 --- a/2008/1xxx/CVE-2008-1857.json +++ b/2008/1xxx/CVE-2008-1857.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5394", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5394" - }, - { - "name" : "28659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28659" - }, - { - "name" : "ADV-2008-1141", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1141/references" - }, - { - "name" : "29685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29685" - }, - { - "name" : "mole-viewsource-file-include(41681)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mole-viewsource-file-include(41681)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41681" + }, + { + "name": "ADV-2008-1141", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1141/references" + }, + { + "name": "28659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28659" + }, + { + "name": "5394", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5394" + }, + { + "name": "29685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29685" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1900.json b/2008/1xxx/CVE-2008-1900.json index 42460ec4a35..663874cff6e 100644 --- a/2008/1xxx/CVE-2008-1900.json +++ b/2008/1xxx/CVE-2008-1900.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080416 Carbon Communities forum Multiple Vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490923/100/0/threaded" - }, - { - "name" : "carbon-optionupdate-sql-injection(41961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080416 Carbon Communities forum Multiple Vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490923/100/0/threaded" + }, + { + "name": "carbon-optionupdate-sql-injection(41961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41961" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5162.json b/2008/5xxx/CVE-2008-5162.json index 458f718d8f4..12a8fd1b5c5 100644 --- a/2008/5xxx/CVE-2008-5162.json +++ b/2008/5xxx/CVE-2008-5162.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2008-5162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-08:11", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc" - }, - { - "name" : "32447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32447" - }, - { - "name" : "50137", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50137" - }, - { - "name" : "1021276", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021276" - }, - { - "name" : "32871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32871" + }, + { + "name": "FreeBSD-SA-08:11", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc" + }, + { + "name": "1021276", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021276" + }, + { + "name": "50137", + "refsource": "OSVDB", + "url": "http://osvdb.org/50137" + }, + { + "name": "32447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32447" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5331.json b/2008/5xxx/CVE-2008-5331.json index 9004f579304..91acde2afa1 100644 --- a/2008/5xxx/CVE-2008-5331.json +++ b/2008/5xxx/CVE-2008-5331.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf", - "refsource" : "MISC", - "url" : "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf" - }, - { - "name" : "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html", - "refsource" : "CONFIRM", - "url" : "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html" - }, - { - "name" : "32610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf", + "refsource": "MISC", + "url": "http://www.elcomsoft.com/PR/apdfpr_081126_en.pdf" + }, + { + "name": "32610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32610" + }, + { + "name": "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html", + "refsource": "CONFIRM", + "url": "http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5614.json b/2008/5xxx/CVE-2008-5614.json index 990c64008ab..a1a6406ae77 100644 --- a/2008/5xxx/CVE-2008-5614.json +++ b/2008/5xxx/CVE-2008-5614.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5614", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5614", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5822.json b/2008/5xxx/CVE-2008-5822.json index 527743ab8e3..1938961cbf7 100644 --- a/2008/5xxx/CVE-2008-5822.json +++ b/2008/5xxx/CVE-2008-5822.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html", - "refsource" : "MISC", - "url" : "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html" - }, - { - "name" : "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt" - }, - { - "name" : "libxul-class-dos(47758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "libxul-class-dos(47758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47758" + }, + { + "name": "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt" + }, + { + "name": "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html", + "refsource": "MISC", + "url": "http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2544.json b/2011/2xxx/CVE-2011-2544.json index 407d2b75bed..2c6e67f6036 100644 --- a/2011/2xxx/CVE-2011-2544.json +++ b/2011/2xxx/CVE-2011-2544.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519698/100/0/threaded" - }, - { - "name" : "17871", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17871" - }, - { - "name" : "49670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49670" - }, - { - "name" : "1026072", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026072" - }, - { - "name" : "46057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46057" - }, - { - "name" : "46109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46109" - }, - { - "name" : "8393", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8393" - }, - { - "name" : "cisco-telepresence-h323-sip-xss(69906)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49670" + }, + { + "name": "8393", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8393" + }, + { + "name": "46057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46057" + }, + { + "name": "46109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46109" + }, + { + "name": "1026072", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026072" + }, + { + "name": "20110919 Cisco TelePresence Multiple Vulnerabilities - SOS-11-010", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519698/100/0/threaded" + }, + { + "name": "17871", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17871" + }, + { + "name": "cisco-telepresence-h323-sip-xss(69906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69906" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0172.json b/2013/0xxx/CVE-2013-0172.json index d4d9701ba69..037d2de3025 100644 --- a/2013/0xxx/CVE-2013-0172.json +++ b/2013/0xxx/CVE-2013-0172.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.samba.org/samba/security/CVE-2013-0172", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2013-0172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.samba.org/samba/security/CVE-2013-0172", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2013-0172" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0705.json b/2013/0xxx/CVE-2013-0705.json index e66ee6e8c7b..75745fd8956 100644 --- a/2013/0xxx/CVE-2013-0705.json +++ b/2013/0xxx/CVE-2013-0705.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN02596643/995349/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN02596643/995349/index.html" - }, - { - "name" : "JVN#02596643", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN02596643/index.html" - }, - { - "name" : "JVNDB-2013-000011", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2013-000011", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000011" + }, + { + "name": "JVN#02596643", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN02596643/index.html" + }, + { + "name": "http://jvn.jp/en/jp/JVN02596643/995349/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN02596643/995349/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1375.json b/2013/1xxx/CVE-2013-1375.json index 171fcf7faca..f7b616aa2e2 100644 --- a/2013/1xxx/CVE-2013-1375.json +++ b/2013/1xxx/CVE-2013-1375.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-1375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-09.html" - }, - { - "name" : "HPSBMU02948", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139455789818399&w=2" - }, - { - "name" : "RHSA-2013:0643", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0643.html" - }, - { - "name" : "SUSE-SU-2013:0458", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00018.html" - }, - { - "name" : "openSUSE-SU-2013:0459", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00019.html" - }, - { - "name" : "openSUSE-SU-2013:0464", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00021.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0464", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00021.html" + }, + { + "name": "openSUSE-SU-2013:0459", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00019.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-09.html" + }, + { + "name": "SUSE-SU-2013:0458", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00018.html" + }, + { + "name": "HPSBMU02948", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139455789818399&w=2" + }, + { + "name": "RHSA-2013:0643", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0643.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1399.json b/2013/1xxx/CVE-2013-1399.json index a9dec764dda..1f66946a45d 100644 --- a/2013/1xxx/CVE-2013-1399.json +++ b/2013/1xxx/CVE-2013-1399.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://puppetlabs.com/security/cve/cve-2013-1399", - "refsource" : "CONFIRM", - "url" : "https://puppetlabs.com/security/cve/cve-2013-1399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppetlabs.com/security/cve/cve-2013-1399", + "refsource": "CONFIRM", + "url": "https://puppetlabs.com/security/cve/cve-2013-1399" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1479.json b/2013/1xxx/CVE-2013-1479.json index 7224c702e33..18081a1e5b4 100644 --- a/2013/1xxx/CVE-2013-1479.json +++ b/2013/1xxx/CVE-2013-1479.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "57706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57706" - }, - { - "name" : "oval:org.mitre.oval:def:16531", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57706" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "oval:org.mitre.oval:def:16531", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16531" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1757.json b/2013/1xxx/CVE-2013-1757.json index 6aa02079bf7..4f2587e353a 100644 --- a/2013/1xxx/CVE-2013-1757.json +++ b/2013/1xxx/CVE-2013-1757.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1757", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1757", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3200.json b/2013/3xxx/CVE-2013-3200.json index 1b3f1bfe23b..7ce93e8e8ee 100644 --- a/2013/3xxx/CVE-2013-3200.json +++ b/2013/3xxx/CVE-2013-3200.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka \"Windows USB Descriptor Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-081", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081" - }, - { - "name" : "TA13-288A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-288A" - }, - { - "name" : "oval:org.mitre.oval:def:18630", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka \"Windows USB Descriptor Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:18630", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18630" + }, + { + "name": "MS13-081", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-081" + }, + { + "name": "TA13-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-288A" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3529.json b/2013/3xxx/CVE-2013-3529.json index bf56bc487f1..d4dfafca4c4 100644 --- a/2013/3xxx/CVE-2013-3529.json +++ b/2013/3xxx/CVE-2013-3529.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24914", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24914" - }, - { - "name" : "20130331 WP FuneralPress - Stored XSS in Guestbook", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Mar/282" - }, - { - "name" : "http://packetstormsecurity.com/files/121030/WordPress-FuneralPress-1.1.6-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/121030/WordPress-FuneralPress-1.1.6-Cross-Site-Scripting.html" - }, - { - "name" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-funeral-press&old=690038&new_path=%2Fwp-funeral-press&new=690038", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-funeral-press&old=690038&new_path=%2Fwp-funeral-press&new=690038" - }, - { - "name" : "http://wordpress.org/extend/plugins/wp-funeral-press/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/wp-funeral-press/changelog/" - }, - { - "name" : "58790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58790" - }, - { - "name" : "52809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52809" - }, - { - "name" : "wpfuneralpress-index-xss(83188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130331 WP FuneralPress - Stored XSS in Guestbook", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Mar/282" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-funeral-press&old=690038&new_path=%2Fwp-funeral-press&new=690038", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-funeral-press&old=690038&new_path=%2Fwp-funeral-press&new=690038" + }, + { + "name": "http://packetstormsecurity.com/files/121030/WordPress-FuneralPress-1.1.6-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/121030/WordPress-FuneralPress-1.1.6-Cross-Site-Scripting.html" + }, + { + "name": "52809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52809" + }, + { + "name": "58790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58790" + }, + { + "name": "http://wordpress.org/extend/plugins/wp-funeral-press/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/wp-funeral-press/changelog/" + }, + { + "name": "24914", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24914" + }, + { + "name": "wpfuneralpress-index-xss(83188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83188" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4544.json b/2013/4xxx/CVE-2013-4544.json index c95f3997403..b1eec6aa3d9 100644 --- a/2013/4xxx/CVE-2013-4544.json +++ b/2013/4xxx/CVE-2013-4544.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[qemu] 20140404 [PATCH V2 0/4] CVE-2013-4544", - "refsource" : "MLIST", - "url" : "http://thread.gmane.org/gmane.comp.emulators.qemu/265562" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=3c99afc779c2c78718a565ad8c5e98de7c2c7484", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=3c99afc779c2c78718a565ad8c5e98de7c2c7484" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=8c6c0478996e8f77374e69b6df68655b0b4ba689", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=8c6c0478996e8f77374e69b6df68655b0b4ba689" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=9878d173f574df74bde0ff50b2f81009fbee81bb", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=9878d173f574df74bde0ff50b2f81009fbee81bb" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=f12d048a523780dbda702027d4a91b62af1a08d7", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=f12d048a523780dbda702027d4a91b62af1a08d7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1087513", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1087513" - }, - { - "name" : "USN-2182-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-2182-1" - }, - { - "name" : "106013", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/106013" - }, - { - "name" : "58191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[qemu] 20140404 [PATCH V2 0/4] CVE-2013-4544", + "refsource": "MLIST", + "url": "http://thread.gmane.org/gmane.comp.emulators.qemu/265562" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=8c6c0478996e8f77374e69b6df68655b0b4ba689", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=8c6c0478996e8f77374e69b6df68655b0b4ba689" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1087513", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087513" + }, + { + "name": "106013", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/106013" + }, + { + "name": "USN-2182-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-2182-1" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=3c99afc779c2c78718a565ad8c5e98de7c2c7484", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=3c99afc779c2c78718a565ad8c5e98de7c2c7484" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=f12d048a523780dbda702027d4a91b62af1a08d7", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=f12d048a523780dbda702027d4a91b62af1a08d7" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=9878d173f574df74bde0ff50b2f81009fbee81bb", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=9878d173f574df74bde0ff50b2f81009fbee81bb" + }, + { + "name": "58191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58191" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4730.json b/2013/4xxx/CVE-2013-4730.json index ecda4ab1309..c79704a35c2 100644 --- a/2013/4xxx/CVE-2013-4730.json +++ b/2013/4xxx/CVE-2013-4730.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26471", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/26471" - }, - { - "name" : "http://infosec42.blogspot.com/2013/06/unauthenticated-pcman-ftp-207-buffer.html", - "refsource" : "MISC", - "url" : "http://infosec42.blogspot.com/2013/06/unauthenticated-pcman-ftp-207-buffer.html" - }, - { - "name" : "60837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60837" - }, - { - "name" : "94624", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/94624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60837" + }, + { + "name": "94624", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/94624" + }, + { + "name": "26471", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/26471" + }, + { + "name": "http://infosec42.blogspot.com/2013/06/unauthenticated-pcman-ftp-207-buffer.html", + "refsource": "MISC", + "url": "http://infosec42.blogspot.com/2013/06/unauthenticated-pcman-ftp-207-buffer.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4836.json b/2013/4xxx/CVE-2013-4836.json index ed331d4d975..bf9423d1207 100644 --- a/2013/4xxx/CVE-2013-4836.json +++ b/2013/4xxx/CVE-2013-4836.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02934", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969436" - }, - { - "name" : "SSRT101128", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02934", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969436" + }, + { + "name": "SSRT101128", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969436" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4870.json b/2013/4xxx/CVE-2013-4870.json index 1ddbfc6405b..b0d79bbf756 100644 --- a/2013/4xxx/CVE-2013-4870.json +++ b/2013/4xxx/CVE-2013-4870.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/" - }, - { - "name" : "typo3-newssearch-unspecified-sql-injection(81580)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typo3-newssearch-unspecified-sql-injection(81580)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81580" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12174.json b/2017/12xxx/CVE-2017-12174.json index 7ef4e15c55c..1f57362893f 100644 --- a/2017/12xxx/CVE-2017-12174.json +++ b/2017/12xxx/CVE-2017-12174.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-02-05T00:00:00", - "ID" : "CVE-2017-12174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HornetQ/Artemis", - "version" : { - "version_data" : [ - { - "version_value" : "before 2.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-02-05T00:00:00", + "ID": "CVE-2017-12174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HornetQ/Artemis", + "version": { + "version_data": [ + { + "version_value": "before 2.4.0" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174" - }, - { - "name" : "RHSA-2018:0268", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0268" - }, - { - "name" : "RHSA-2018:0269", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0269" - }, - { - "name" : "RHSA-2018:0270", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0270" - }, - { - "name" : "RHSA-2018:0271", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0271" - }, - { - "name" : "RHSA-2018:0275", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0275" - }, - { - "name" : "RHSA-2018:0478", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0478" - }, - { - "name" : "RHSA-2018:0479", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0479" - }, - { - "name" : "RHSA-2018:0480", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0480" - }, - { - "name" : "RHSA-2018:0481", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0479", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0479" + }, + { + "name": "RHSA-2018:0481", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0481" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174" + }, + { + "name": "RHSA-2018:0269", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0269" + }, + { + "name": "RHSA-2018:0270", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0270" + }, + { + "name": "RHSA-2018:0271", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0271" + }, + { + "name": "RHSA-2018:0268", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0268" + }, + { + "name": "RHSA-2018:0480", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0480" + }, + { + "name": "RHSA-2018:0275", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0275" + }, + { + "name": "RHSA-2018:0478", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0478" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12391.json b/2017/12xxx/CVE-2017-12391.json index 4a38e985b5f..fe52d481b17 100644 --- a/2017/12xxx/CVE-2017-12391.json +++ b/2017/12xxx/CVE-2017-12391.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12391", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12391", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12408.json b/2017/12xxx/CVE-2017-12408.json index 4079019b46a..76c6a143e97 100644 --- a/2017/12xxx/CVE-2017-12408.json +++ b/2017/12xxx/CVE-2017-12408.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12408", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12408", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12505.json b/2017/12xxx/CVE-2017-12505.json index d87892f5afd..29ad265df65 100644 --- a/2017/12xxx/CVE-2017-12505.json +++ b/2017/12xxx/CVE-2017-12505.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12907.json b/2017/12xxx/CVE-2017-12907.json index 083c9153724..4f20fdfcf1c 100644 --- a/2017/12xxx/CVE-2017-12907.json +++ b/2017/12xxx/CVE-2017-12907.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lu4n.com/cve/7.txt", - "refsource" : "MISC", - "url" : "http://lu4n.com/cve/7.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lu4n.com/cve/7.txt", + "refsource": "MISC", + "url": "http://lu4n.com/cve/7.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12967.json b/2017/12xxx/CVE-2017-12967.json index e18b6f90305..173febefb61 100644 --- a/2017/12xxx/CVE-2017-12967.json +++ b/2017/12xxx/CVE-2017-12967.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21962", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" - }, - { - "name" : "GLSA-201801-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-01" - }, - { - "name" : "100462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21962", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21962" + }, + { + "name": "100462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100462" + }, + { + "name": "GLSA-201801-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13007.json b/2017/13xxx/CVE-2017-13007.json index f44a9907f80..f5c415e5214 100644 --- a/2017/13xxx/CVE-2017-13007.json +++ b/2017/13xxx/CVE-2017-13007.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/ca336198e8bebccc18502de27672fdbd6eb34856", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/ca336198e8bebccc18502de27672fdbd6eb34856" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/ca336198e8bebccc18502de27672fdbd6eb34856", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/ca336198e8bebccc18502de27672fdbd6eb34856" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13424.json b/2017/13xxx/CVE-2017-13424.json index 42788c1f0ce..38b5ec1e26f 100644 --- a/2017/13xxx/CVE-2017-13424.json +++ b/2017/13xxx/CVE-2017-13424.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13424", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13424", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13650.json b/2017/13xxx/CVE-2017-13650.json index 824cc703b66..e11c4dda452 100644 --- a/2017/13xxx/CVE-2017-13650.json +++ b/2017/13xxx/CVE-2017-13650.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13650", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13650", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13926.json b/2017/13xxx/CVE-2017-13926.json index f873ba5e7c6..fde386a3b99 100644 --- a/2017/13xxx/CVE-2017-13926.json +++ b/2017/13xxx/CVE-2017-13926.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16311.json b/2017/16xxx/CVE-2017-16311.json index fac0b6bfd19..5b9cf8ceba0 100644 --- a/2017/16xxx/CVE-2017-16311.json +++ b/2017/16xxx/CVE-2017-16311.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16311", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16311", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16329.json b/2017/16xxx/CVE-2017-16329.json index 1fc905ba10c..6483c031eaa 100644 --- a/2017/16xxx/CVE-2017-16329.json +++ b/2017/16xxx/CVE-2017-16329.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16329", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16329", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16768.json b/2017/16xxx/CVE-2017-16768.json index d322ce17733..657a557de90 100644 --- a/2017/16xxx/CVE-2017-16768.json +++ b/2017/16xxx/CVE-2017-16768.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "ID" : "CVE-2017-16768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "ID": "CVE-2017-16768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_81", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_81" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_81", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_81" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17026.json b/2017/17xxx/CVE-2017-17026.json index e0bfea4a680..6980295e867 100644 --- a/2017/17xxx/CVE-2017-17026.json +++ b/2017/17xxx/CVE-2017-17026.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17026", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17026", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4474.json b/2017/4xxx/CVE-2017-4474.json index bcd333ec969..176f84806d1 100644 --- a/2017/4xxx/CVE-2017-4474.json +++ b/2017/4xxx/CVE-2017-4474.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4474", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4474", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4956.json b/2017/4xxx/CVE-2017-4956.json index f662b4e43b7..f61cbd57ac3 100644 --- a/2017/4xxx/CVE-2017-4956.json +++ b/2017/4xxx/CVE-2017-4956.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4956", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4956", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18666.json b/2018/18xxx/CVE-2018-18666.json index e2dde13b86b..c1d95431061 100644 --- a/2018/18xxx/CVE-2018-18666.json +++ b/2018/18xxx/CVE-2018-18666.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://etherscan.io/address/0x0bb217e40f8a5cb79adf04e1aab60e5abd0dfc1e#code", - "refsource" : "MISC", - "url" : "https://etherscan.io/address/0x0bb217e40f8a5cb79adf04e1aab60e5abd0dfc1e#code" - }, - { - "name" : "https://github.com/SwftCoins/SwftCoin/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/SwftCoins/SwftCoin/issues/1" - }, - { - "name" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md", - "refsource" : "MISC", - "url" : "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SwftCoins/SwftCoin/issues/1", + "refsource": "MISC", + "url": "https://github.com/SwftCoins/SwftCoin/issues/1" + }, + { + "name": "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md", + "refsource": "MISC", + "url": "https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.md" + }, + { + "name": "https://etherscan.io/address/0x0bb217e40f8a5cb79adf04e1aab60e5abd0dfc1e#code", + "refsource": "MISC", + "url": "https://etherscan.io/address/0x0bb217e40f8a5cb79adf04e1aab60e5abd0dfc1e#code" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18992.json b/2018/18xxx/CVE-2018-18992.json index 9d249162b19..66eac312263 100644 --- a/2018/18xxx/CVE-2018-18992.json +++ b/2018/18xxx/CVE-2018-18992.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2019-01-15T00:00:00", - "ID" : "CVE-2018-18992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LCDS Laquis SCADA", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 4.1.0.4150" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION') CWE-74" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2019-01-15T00:00:00", + "ID": "CVE-2018-18992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LCDS Laquis SCADA", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 4.1.0.4150" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01" - }, - { - "name" : "106634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute remote code on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION') CWE-74" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-015-01" + }, + { + "name": "106634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106634" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1002.json b/2018/1xxx/CVE-2018-1002.json index 0061207c9f9..bb7e90f69f0 100644 --- a/2018/1xxx/CVE-2018-1002.json +++ b/2018/1xxx/CVE-2018-1002.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1002", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1002", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1206.json b/2018/1xxx/CVE-2018-1206.json index 15e071bd840..3af7fe4810e 100644 --- a/2018/1xxx/CVE-2018-1206.json +++ b/2018/1xxx/CVE-2018-1206.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2018-1206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110", - "version" : { - "version_data" : [ - { - "version_value" : "Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is \"apollosuperuser.\" An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Hardcoded Password Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2018-1206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110", + "version": { + "version_data": [ + { + "version_value": "Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2018/Mar/22", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2018/Mar/22" - }, - { - "name" : "103376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103376" - }, - { - "name" : "1040484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is \"apollosuperuser.\" An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hardcoded Password Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2018/Mar/22", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2018/Mar/22" + }, + { + "name": "1040484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040484" + }, + { + "name": "103376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103376" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1853.json b/2018/1xxx/CVE-2018-1853.json index 39409968c7d..12fd96f96e2 100644 --- a/2018/1xxx/CVE-2018-1853.json +++ b/2018/1xxx/CVE-2018-1853.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1853", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1853", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1906.json b/2018/1xxx/CVE-2018-1906.json index 5a506ac89c9..59c9788af0c 100644 --- a/2018/1xxx/CVE-2018-1906.json +++ b/2018/1xxx/CVE-2018-1906.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1906", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1906", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5075.json b/2018/5xxx/CVE-2018-5075.json index 384d3d5e238..cae6526300b 100644 --- a/2018/5xxx/CVE-2018-5075.json +++ b/2018/5xxx/CVE-2018-5075.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5233.json b/2018/5xxx/CVE-2018-5233.json index 9c21f8e5107..899c87eea16 100644 --- a/2018/5xxx/CVE-2018-5233.json +++ b/2018/5xxx/CVE-2018-5233.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180315 [CVE-2018-5233] Grav CMS admin plugin Reflected Cross Site Scripting (XSS) vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/03/15/1" - }, - { - "name" : "https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability/" + }, + { + "name": "[oss-security] 20180315 [CVE-2018-5233] Grav CMS admin plugin Reflected Cross Site Scripting (XSS) vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/03/15/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5341.json b/2018/5xxx/CVE-2018-5341.json index bfd3749121b..a81e4c0f5dd 100644 --- a/2018/5xxx/CVE-2018-5341.json +++ b/2018/5xxx/CVE-2018-5341.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/", - "refsource" : "MISC", - "url" : "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/" - }, - { - "name" : "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html" + }, + { + "name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5650.json b/2018/5xxx/CVE-2018-5650.json index 3cfe08f57d9..da9adbb7a36 100644 --- a/2018/5xxx/CVE-2018-5650.json +++ b/2018/5xxx/CVE-2018-5650.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ckolivas/lrzip/issues/88", - "refsource" : "MISC", - "url" : "https://github.com/ckolivas/lrzip/issues/88" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ckolivas/lrzip/issues/88", + "refsource": "MISC", + "url": "https://github.com/ckolivas/lrzip/issues/88" + } + ] + } +} \ No newline at end of file