From 0d6a29674490cd04cec4394f25186a5360f44876 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 03:58:16 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2001/0xxx/CVE-2001-0990.json | 150 +++++-----
2001/1xxx/CVE-2001-1056.json | 160 +++++-----
2001/1xxx/CVE-2001-1183.json | 160 +++++-----
2006/2xxx/CVE-2006-2930.json | 160 +++++-----
2008/1xxx/CVE-2008-1062.json | 130 ++++----
2008/5xxx/CVE-2008-5100.json | 150 +++++-----
2008/5xxx/CVE-2008-5506.json | 530 ++++++++++++++++-----------------
2008/5xxx/CVE-2008-5831.json | 34 +--
2011/2xxx/CVE-2011-2169.json | 120 ++++----
2011/2xxx/CVE-2011-2220.json | 170 +++++------
2011/3xxx/CVE-2011-3763.json | 150 +++++-----
2013/0xxx/CVE-2013-0026.json | 140 ++++-----
2013/0xxx/CVE-2013-0249.json | 240 +++++++--------
2013/0xxx/CVE-2013-0667.json | 130 ++++----
2013/1xxx/CVE-2013-1210.json | 120 ++++----
2013/1xxx/CVE-2013-1220.json | 120 ++++----
2013/1xxx/CVE-2013-1593.json | 34 +--
2013/1xxx/CVE-2013-1690.json | 280 ++++++++---------
2013/3xxx/CVE-2013-3282.json | 34 +--
2013/4xxx/CVE-2013-4113.json | 310 +++++++++----------
2013/4xxx/CVE-2013-4140.json | 190 ++++++------
2013/4xxx/CVE-2013-4177.json | 150 +++++-----
2013/4xxx/CVE-2013-4912.json | 180 +++++------
2013/5xxx/CVE-2013-5877.json | 170 +++++------
2013/5xxx/CVE-2013-5914.json | 130 ++++----
2017/12xxx/CVE-2017-12349.json | 140 ++++-----
2017/12xxx/CVE-2017-12632.json | 128 ++++----
2017/12xxx/CVE-2017-12662.json | 140 ++++-----
2017/12xxx/CVE-2017-12683.json | 34 +--
2017/12xxx/CVE-2017-12708.json | 130 ++++----
2017/13xxx/CVE-2017-13297.json | 158 +++++-----
2017/13xxx/CVE-2017-13497.json | 34 +--
2017/13xxx/CVE-2017-13821.json | 130 ++++----
2017/16xxx/CVE-2017-16094.json | 132 ++++----
2017/16xxx/CVE-2017-16116.json | 132 ++++----
2017/16xxx/CVE-2017-16259.json | 34 +--
2017/16xxx/CVE-2017-16471.json | 34 +--
2017/16xxx/CVE-2017-16956.json | 120 ++++----
2017/16xxx/CVE-2017-16988.json | 34 +--
2017/4xxx/CVE-2017-4461.json | 34 +--
2017/4xxx/CVE-2017-4619.json | 34 +--
2017/4xxx/CVE-2017-4735.json | 34 +--
2017/4xxx/CVE-2017-4982.json | 130 ++++----
2018/18xxx/CVE-2018-18009.json | 130 ++++----
2018/18xxx/CVE-2018-18045.json | 34 +--
2018/18xxx/CVE-2018-18173.json | 34 +--
2018/18xxx/CVE-2018-18353.json | 162 +++++-----
2018/18xxx/CVE-2018-18564.json | 130 ++++----
2018/5xxx/CVE-2018-5356.json | 34 +--
2018/5xxx/CVE-2018-5837.json | 130 ++++----
2018/5xxx/CVE-2018-5902.json | 34 +--
51 files changed, 3221 insertions(+), 3221 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0990.json b/2001/0xxx/CVE-2001-0990.json
index 1dc2841efc0..b67a9de6741 100644
--- a/2001/0xxx/CVE-2001-0990.json
+++ b/2001/0xxx/CVE-2001-0990.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/212036" - }, - { - "name" : "http://www.inter7.com/vpopmail/ChangeLog", - "refsource" : "MISC", - "url" : "http://www.inter7.com/vpopmail/ChangeLog" - }, - { - "name" : "3284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3284" - }, - { - "name" : "vpopmail-insecure-auth-data(7076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.inter7.com/vpopmail/ChangeLog", + "refsource": "MISC", + "url": "http://www.inter7.com/vpopmail/ChangeLog" + }, + { + "name": "vpopmail-insecure-auth-data(7076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7076" + }, + { + "name": "20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/212036" + }, + { + "name": "3284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3284" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1056.json b/2001/1xxx/CVE-2001-1056.json index 6973adc1270..1a041e75b23 100644 --- a/2001/1xxx/CVE-2001-1056.json +++ b/2001/1xxx/CVE-2001-1056.json 
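Review bot: The new side of CVE-2001-0990.json ends with `\ No newline at end of file` where the old side ended with a newline, and the same marker follows every other file section visible here (CVE-2001-1056, CVE-2001-1183, CVE-2006-2930, CVE-2008-1062, CVE-2008-5100, CVE-2008-5506, CVE-2008-5831). The hunk also reorders the four `reference_data` entries without adding or removing any, and the new order (MISC, XF, BUGTRAQ, BID) does not appear to follow a sort key. Combined with the `" : "` to `": "` respacing, nearly every line of the record differs although no value changed, so a reader of the diff cannot tell at a glance whether a record's content was touched. I would have the serializer emit a trailing newline and a stable reference order, for example sorted by `refsource` and then `name`, so that later synchronizations only show real changes.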
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a \"DCC SEND\" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010730 [RAZOR] Linux kernel IP masquerading vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0733.html" - }, - { - "name" : "20010730 Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html" - }, - { - "name" : "3117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3117" - }, - { - "name" : "linux-ipmasqirc-bypass-protection(6923)", - 
"refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/6923.php" - }, - { - "name" : "1916", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a \"DCC SEND\" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010730 Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html" + }, + { + "name": "20010730 [RAZOR] Linux kernel IP masquerading vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0733.html" + }, + { + "name": "linux-ipmasqirc-bypass-protection(6923)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/6923.php" + }, + { + "name": "1916", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1916" + }, + { + "name": "3117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3117" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1183.json b/2001/1xxx/CVE-2001-1183.json index 73086b3ccd4..0850061e589 100644 --- a/2001/1xxx/CVE-2001-1183.json +++ b/2001/1xxx/CVE-2001-1183.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010712 Cisco IOS PPTP Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html" - }, - { - "name" : "VU#656315", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/656315" - }, - { - "name" : "3022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3022" - }, - { - "name" : "cisco-ios-pptp-dos(6835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6835" - }, - { - "name" : "802", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PPTP implementation in Cisco IOS 12.1 and 
12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "802", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/802" + }, + { + "name": "VU#656315", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/656315" + }, + { + "name": "cisco-ios-pptp-dos(6835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6835" + }, + { + "name": "20010712 Cisco IOS PPTP Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html" + }, + { + "name": "3022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3022" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2930.json b/2006/2xxx/CVE-2006-2930.json index e473939b317..1c0673e5f45 100644 --- a/2006/2xxx/CVE-2006-2930.json +++ b/2006/2xxx/CVE-2006-2930.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102321", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102321-1" - }, - { - "name" : "ADV-2006-2215", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2215" - }, - { - "name" : "1016247", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016247" - }, - { - "name" : "20518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20518" - }, - { - "name" : "sge-csp-authentication-bypass(26997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sge-csp-authentication-bypass(26997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26997" + }, + { + "name": "102321", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102321-1" + }, + { + "name": "1016247", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016247" + }, + { + "name": "20518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20518" + }, + { + "name": "ADV-2006-2215", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2215" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1062.json b/2008/1xxx/CVE-2008-1062.json index 78149d43205..c62462e58e5 100644 --- a/2008/1xxx/CVE-2008-1062.json +++ b/2008/1xxx/CVE-2008-1062.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28016" - }, - { - "name" : "28910", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL 
dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28910", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28910" + }, + { + "name": "28016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28016" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5100.json b/2008/5xxx/CVE-2008-5100.json index e2b97fd9d75..6e05a7833cf 100644 --- a/2008/5xxx/CVE-2008-5100.json +++ b/2008/5xxx/CVE-2008-5100.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081113 New Whitepaper - .NET Framework Rootkits: Backdoors inside your Framework", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498311/100/0/threaded" - }, - { - "name" : "http://www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx", - "refsource" : "MISC", - "url" : "http://www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx" - }, - { - "name" : "http://www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555", - "refsource" : "MISC", - "url" : 
"http://www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555" - }, - { - "name" : "4605", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081113 New Whitepaper - .NET Framework Rootkits: Backdoors inside your Framework", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498311/100/0/threaded" + }, + { + "name": "http://www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx", + "refsource": "MISC", + "url": "http://www.applicationsecurity.co.il/.NET-Framework-Rootkits.aspx" + }, + { + "name": "4605", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4605" + }, + { + "name": "http://www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555", + "refsource": "MISC", + "url": "http://www.applicationsecurity.co.il/LinkClick.aspx?fileticket=ycIS1bewMBI%3d&tabid=161&mid=555" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5506.json b/2008/5xxx/CVE-2008-5506.json index 1ed7119c10c..eac82cd9812 100644 --- a/2008/5xxx/CVE-2008-5506.json +++ b/2008/5xxx/CVE-2008-5506.json 
@@ -1,267 +1,267 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka \"response disclosure.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-5506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=458248", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=458248" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-64.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-64.html" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "DSA-1704", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2009/dsa-1704" - }, - { - "name" : "DSA-1707", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1707" - }, - { - "name" : "DSA-1696", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1696" - }, - { - "name" : "MDVSA-2008:245", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245" - }, - { - "name" : "MDVSA-2009:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012" - }, - { - "name" : "MDVSA-2008:244", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244" - }, - { - "name" : "RHSA-2008:1036", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1036.html" - }, - { - "name" : "RHSA-2008:1037", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1037.html" - }, - { - "name" : "RHSA-2009:0002", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0002.html" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "258748", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1" - }, - { - "name" : "USN-690-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/690-1/" - }, - { - "name" : "USN-690-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-690-2" - }, - { - "name" : "USN-690-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/690-3/" - }, - { - "name" : "USN-701-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-701-1" - }, - { - "name" : "USN-701-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-701-2" - }, - { - "name" : "32882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32882" 
- }, - { - "name" : "oval:org.mitre.oval:def:10512", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512" - }, - { - "name" : "1021427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021427" - }, - { - "name" : "33231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33231" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "33216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33216" - }, - { - "name" : "33232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33232" - }, - { - "name" : "33523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33523" - }, - { - "name" : "33547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33547" - }, - { - "name" : "33184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33184" - }, - { - "name" : "33188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33188" - }, - { - "name" : "33189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33189" - }, - { - "name" : "33203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33203" - }, - { - "name" : "33204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33204" - }, - { - "name" : "33205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33205" - }, - { - "name" : "33421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33421" - }, - { - "name" : "33434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33434" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34501" - }, - { - "name" : "35080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35080" - }, - { - "name" : "33408", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33408" - }, - { - "name" : "33415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33415" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - }, - { - "name" : "mozilla-xmlhttprequest-302-info-disclosure(47412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka \"response disclosure.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32882" + }, + { + "name": "oval:org.mitre.oval:def:10512", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512" + }, + { + "name": "33408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33408" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=458248", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=458248" + }, + { + "name": "1021427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021427" + }, + { + "name": 
"USN-690-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/690-3/" + }, + { + "name": "33205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33205" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-64.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-64.html" + }, + { + "name": "33421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33421" + }, + { + "name": "33232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33232" + }, + { + "name": "RHSA-2008:1036", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "USN-690-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-690-2" + }, + { + "name": "USN-701-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-701-1" + }, + { + "name": "33231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33231" + }, + { + "name": "mozilla-xmlhttprequest-302-info-disclosure(47412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47412" + }, + { + "name": "MDVSA-2008:245", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245" + }, + { + "name": "USN-690-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/690-1/" + }, + { + "name": "MDVSA-2009:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012" + }, + { + "name": "33203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33203" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "DSA-1707", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1707" + }, + { + "name": 
"33216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33216" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "RHSA-2008:1037", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1037.html" + }, + { + "name": "DSA-1704", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1704" + }, + { + "name": "DSA-1696", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1696" + }, + { + "name": "33204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33204" + }, + { + "name": "USN-701-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-701-2" + }, + { + "name": "33184", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33184" + }, + { + "name": "RHSA-2009:0002", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0002.html" + }, + { + "name": "258748", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1" + }, + { + "name": "MDVSA-2008:244", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244" + }, + { + "name": "33415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33415" + }, + { + "name": "33188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33188" + }, + { + "name": "33523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33523" + }, + { + "name": "35080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35080" + }, + { + "name": "33547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33547" + }, + { + "name": "33434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33434" + }, + { + "name": "33189", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33189" + }, + { + 
"name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5831.json b/2008/5xxx/CVE-2008-5831.json index 0702dd69453..3248a0c42ba 100644 --- a/2008/5xxx/CVE-2008-5831.json +++ b/2008/5xxx/CVE-2008-5831.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5831", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5831", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2169.json b/2011/2xxx/CVE-2011-2169.json index 9c07f1fdf82..297d25774be 100644 --- a/2011/2xxx/CVE-2011-2169.json +++ b/2011/2xxx/CVE-2011-2169.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2220.json b/2011/2xxx/CVE-2011-2220.json index fdc6d5a7a7b..2315a742a32 100644 --- a/2011/2xxx/CVE-2011-2220.json +++ b/2011/2xxx/CVE-2011-2220.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110627 ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518632/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-227", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-227" - }, - { - "name" : "http://download.novell.com/Download?buildid=leLxi7tQACs~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=leLxi7tQACs~" - }, - { - "name" : "1025722", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025722" - }, - { - "name" : "45065", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/45065" - }, - { - "name" : "8305", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.novell.com/Download?buildid=leLxi7tQACs~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=leLxi7tQACs~" + }, + { + "name": "8305", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8305" + }, + { + "name": "45065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45065" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-227", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-227" + }, + { + "name": "1025722", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025722" + }, + { + "name": "20110627 ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518632/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3763.json b/2011/3xxx/CVE-2011-3763.json index 49c4ea46b65..237aaa3f16b 100644 --- a/2011/3xxx/CVE-2011-3763.json +++ b/2011/3xxx/CVE-2011-3763.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/opencart_v1.4.9.3", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/opencart_v1.4.9.3" - }, - { - "name" : "opencart-startup-path-disclosure(70609)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opencart-startup-path-disclosure(70609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70609" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/opencart_v1.4.9.3", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/opencart_v1.4.9.3" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0026.json b/2013/0xxx/CVE-2013-0026.json index 65213e38ce0..a699c985eb9 100644 --- a/2013/0xxx/CVE-2013-0026.json +++ b/2013/0xxx/CVE-2013-0026.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer InsertElement Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16472", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows 
remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer InsertElement Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16472", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16472" + }, + { + "name": "MS13-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0249.json b/2013/0xxx/CVE-2013-0249.json index b4a9f97603c..6494eb22190 100644 --- a/2013/0xxx/CVE-2013-0249.json +++ b/2013/0xxx/CVE-2013-0249.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "24487", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24487" - }, - { - "name" : "http://blog.volema.com/curl-rce.html", - "refsource" : "MISC", - "url" : "http://blog.volema.com/curl-rce.html" - }, - { - "name" : "http://nakedsecurity.sophos.com/2013/02/10/anatomy-of-a-vulnerability-curl-web-download-toolkit-holed-by-authentication-bug/", - "refsource" : "MISC", - "url" : "http://nakedsecurity.sophos.com/2013/02/10/anatomy-of-a-vulnerability-curl-web-download-toolkit-holed-by-authentication-bug/" - }, - { - 
"name" : "http://packetstormsecurity.com/files/120147/cURL-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/120147/cURL-Buffer-Overflow.html" - }, - { - "name" : "http://packetstormsecurity.com/files/120170/Slackware-Security-Advisory-curl-Updates.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/120170/Slackware-Security-Advisory-curl-Updates.html" - }, - { - "name" : "http://curl.haxx.se/docs/adv_20130206.html", - "refsource" : "CONFIRM", - "url" : "http://curl.haxx.se/docs/adv_20130206.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "APPLE-SA-2013-10-22-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" - }, - { - "name" : "FEDORA-2013-2098", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099140.html" - }, - { - "name" : "USN-1721-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1721-1" - }, - { - "name" : "57842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57842" - }, - { - "name" : "89988", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/89988" - }, - { - "name" : "1028093", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string 
in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "http://packetstormsecurity.com/files/120170/Slackware-Security-Advisory-curl-Updates.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/120170/Slackware-Security-Advisory-curl-Updates.html" + }, + { + "name": "57842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57842" + }, + { + "name": "APPLE-SA-2013-10-22-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" + }, + { + "name": "24487", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24487" + }, + { + "name": "USN-1721-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1721-1" + }, + { + "name": "FEDORA-2013-2098", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099140.html" + }, + { + "name": "1028093", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028093" + }, + { + "name": "89988", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/89988" + }, + { + "name": "http://packetstormsecurity.com/files/120147/cURL-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/120147/cURL-Buffer-Overflow.html" + }, + { + "name": "http://blog.volema.com/curl-rce.html", + "refsource": "MISC", + "url": "http://blog.volema.com/curl-rce.html" + }, + { + "name": "http://curl.haxx.se/docs/adv_20130206.html", + "refsource": "CONFIRM", + "url": "http://curl.haxx.se/docs/adv_20130206.html" + }, + { + 
"name": "http://nakedsecurity.sophos.com/2013/02/10/anatomy-of-a-vulnerability-curl-web-download-toolkit-holed-by-authentication-bug/", + "refsource": "MISC", + "url": "http://nakedsecurity.sophos.com/2013/02/10/anatomy-of-a-vulnerability-curl-web-download-toolkit-holed-by-authentication-bug/" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0667.json b/2013/0xxx/CVE-2013-0667.json index 76ad55c108c..d5d7a19caf2 100644 --- a/2013/0xxx/CVE-2013-0667.json +++ b/2013/0xxx/CVE-2013-0667.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2013-0667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary 
web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1210.json b/2013/1xxx/CVE-2013-1210.json index 63cb64401ae..11dfe41f4f8 100644 --- a/2013/1xxx/CVE-2013-1210.json +++ b/2013/1xxx/CVE-2013-1210.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130528 Cisco Nexus 1000V ESXi Hypervisor Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by 
sending crafted STUN packets to a VEM, aka Bug ID CSCud14825." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130528 Cisco Nexus 1000V ESXi Hypervisor Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1210" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1220.json b/2013/1xxx/CVE-2013-1220.json index fb1d8a0deca..6effc7327e2 100644 --- a/2013/1xxx/CVE-2013-1220.json +++ b/2013/1xxx/CVE-2013-1220.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130508 Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130508 Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1593.json b/2013/1xxx/CVE-2013-1593.json index 27c1541904b..eb85e162f53 100644 --- a/2013/1xxx/CVE-2013-1593.json +++ b/2013/1xxx/CVE-2013-1593.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1593", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1593", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1690.json b/2013/1xxx/CVE-2013-1690.json index 5ffab482114..4611678bb0e 100644 --- a/2013/1xxx/CVE-2013-1690.json +++ b/2013/1xxx/CVE-2013-1690.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=857883", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=857883" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=901365", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=901365" - }, - { - "name" : "DSA-2716", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2716" - }, - { - "name" : "DSA-2720", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2720" - }, - { - "name" : "RHSA-2013:0981", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0981.html" - }, - { - "name" : "RHSA-2013:0982", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0982.html" - }, - { - "name" : "SUSE-SU-2013:1152", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:1153", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:1140", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:1141", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:1142", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:1143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" - }, - { - "name" : "USN-1890-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1890-1" - }, - { - "name" : "USN-1891-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1891-1" - }, - { - "name" : "60778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60778" - }, - { - "name" : "oval:org.mitre.oval:def:16996", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1890-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1890-1" + }, + { + "name": "RHSA-2013:0982", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html" + }, + { + "name": "SUSE-SU-2013:1153", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html" + }, + { + "name": "SUSE-SU-2013:1152", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html" + }, + { + "name": "RHSA-2013:0981", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html" + }, + { + "name": "USN-1891-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1891-1" + }, + { + "name": "openSUSE-SU-2013:1141", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" + 
}, + { + "name": "DSA-2716", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2716" + }, + { + "name": "oval:org.mitre.oval:def:16996", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996" + }, + { + "name": "openSUSE-SU-2013:1142", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:1140", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" + }, + { + "name": "DSA-2720", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2720" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365" + }, + { + "name": "60778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60778" + }, + { + "name": "openSUSE-SU-2013:1143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3282.json b/2013/3xxx/CVE-2013-3282.json index ea1321dba21..246a6fa460b 100644 --- a/2013/3xxx/CVE-2013-3282.json +++ b/2013/3xxx/CVE-2013-3282.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3282", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-3282", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4113.json b/2013/4xxx/CVE-2013-4113.json index 79d7c62a7b9..e59ac20fdb9 100644 --- a/2013/4xxx/CVE-2013-4113.json +++ b/2013/4xxx/CVE-2013-4113.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e5dc07ef271", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e5dc07ef271" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/archive/2013.php#id2013-07-11-1", - "refsource" : "CONFIRM", - "url" : "http://php.net/archive/2013.php#id2013-07-11-1" - }, - { - "name" : "https://bugs.php.net/bug.php?id=65236", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=65236" - }, - 
{ - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=983689", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=983689" - }, - { - "name" : "http://support.apple.com/kb/HT6150", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6150" - }, - { - "name" : "DSA-2723", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2723" - }, - { - "name" : "RHSA-2013:1049", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1049.html" - }, - { - "name" : "RHSA-2013:1050", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1050.html" - }, - { - "name" : "RHSA-2013:1061", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1061.html" - }, - { - "name" : "RHSA-2013:1063", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1063.html" - }, - { - "name" : "RHSA-2013:1062", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1062.html" - }, - { - "name" : "SUSE-SU-2013:1285", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html" - }, - { - "name" : "SUSE-SU-2013:1316", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html" - }, - { - "name" : "SUSE-SU-2013:1315", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html" - }, - { - "name" : "USN-1905-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1905-1" - }, - { - "name" : "54071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54071" - }, - { - "name" : "54104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54104" - }, - { - "name" : "54163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54163" - }, - { - "name" : "54165", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/54165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54071" + }, + { + "name": "RHSA-2013:1061", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1061.html" + }, + { + "name": "54165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54165" + }, + { + "name": "54104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54104" + }, + { + "name": "SUSE-SU-2013:1316", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e5dc07ef271", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e5dc07ef271" + }, + { + "name": "DSA-2723", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2723" + }, + { + "name": "54163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54163" + }, + { + "name": "https://bugs.php.net/bug.php?id=65236", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=65236" + }, + { + "name": "USN-1905-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1905-1" + }, + { + "name": "RHSA-2013:1062", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2013-1062.html" + }, + { + "name": "http://support.apple.com/kb/HT6150", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6150" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "RHSA-2013:1050", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1050.html" + }, + { + "name": "RHSA-2013:1049", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1049.html" + }, + { + "name": "RHSA-2013:1063", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1063.html" + }, + { + "name": "SUSE-SU-2013:1315", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html" + }, + { + "name": "SUSE-SU-2013:1285", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=983689", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983689" + }, + { + "name": "http://php.net/archive/2013.php#id2013-07-11-1", + "refsource": "CONFIRM", + "url": "http://php.net/archive/2013.php#id2013-07-11-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4140.json b/2013/4xxx/CVE-2013-4140.json index c2763b091d2..f2c2ce33ee0 100644 --- a/2013/4xxx/CVE-2013-4140.json +++ b/2013/4xxx/CVE-2013-4140.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the \"administer tinybox\" permission to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130710 [Security-news] SA-CONTRIB-2013-057 - TinyBox - Cross Site Scripting (XSS)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jul/86" - }, - { - "name" : "[oss-security] 20130717 Re: CVE request for Drupal contrib modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/17/1" - }, - { - "name" : "https://drupal.org/node/2038807", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2038807" - }, - { - "name" : "https://drupal.org/node/2031575", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/2031575" - }, - { - "name" : "61078", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/61078" - }, - { - "name" : "95153", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95153" - }, - { - "name" : "54091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54091" - }, - { - "name" : "tinybox-unspecified-xss(85600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the \"administer tinybox\" permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95153", + "refsource": "OSVDB", + "url": "http://osvdb.org/95153" + }, + { + "name": "61078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61078" + }, + { + "name": "https://drupal.org/node/2031575", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/2031575" + }, + { + "name": "20130710 [Security-news] SA-CONTRIB-2013-057 - TinyBox - Cross Site Scripting (XSS)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jul/86" + }, + { + "name": "54091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54091" + }, + { + "name": "[oss-security] 20130717 Re: CVE request for Drupal contrib modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/17/1" + }, + { + "name": "tinybox-unspecified-xss(85600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85600" + }, + { + "name": "https://drupal.org/node/2038807", + "refsource": "MISC", + "url": 
"https://drupal.org/node/2038807" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4177.json b/2013/4xxx/CVE-2013-4177.json index 3a78a5229f1..f7be915b710 100644 --- a/2013/4xxx/CVE-2013-4177.json +++ b/2013/4xxx/CVE-2013-4177.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://drupal.org/node/1995706", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1995706" - }, - { - "name" : "https://drupal.org/node/1995482", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1995482" - }, - { - "name" : "https://drupal.org/node/1995634", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1995634" - }, - { - "name" : "59884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Google Authenticator login 
module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/1995634", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1995634" + }, + { + "name": "59884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59884" + }, + { + "name": "https://drupal.org/node/1995706", + "refsource": "MISC", + "url": "https://drupal.org/node/1995706" + }, + { + "name": "https://drupal.org/node/1995482", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1995482" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4912.json b/2013/4xxx/CVE-2013-4912.json index 4274becb399..a4ef712fb46 100644 --- a/2013/4xxx/CVE-2013-4912.json +++ b/2013/4xxx/CVE-2013-4912.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html", - "refsource" : "MISC", - "url" : "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf" - }, - { - 
"name" : "61535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61535" - }, - { - "name" : "54051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54051" - }, - { - "name" : "54252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54252" - }, - { - "name" : "simatic-cve20134912-spoofing(86100)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html", + "refsource": "MISC", + "url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf" + }, + { + "name": "61535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61535" + }, + { + "name": "54051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54051" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02" + }, + { + "name": "simatic-cve20134912-spoofing(86100)", + "refsource": 
"XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86100" + }, + { + "name": "54252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54252" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5877.json b/2013/5xxx/CVE-2013-5877.json index b38eb0de731..339cbd540d6 100644 --- a/2013/5xxx/CVE-2013-5877.json +++ b/2013/5xxx/CVE-2013-5877.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64831" - }, - { - "name" : "102094", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102094" - }, - { - "name" : "1029620", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029620" - }, - { - "name" : "56474", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/56474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102094", + "refsource": "OSVDB", + "url": "http://osvdb.org/102094" + }, + { + "name": "1029620", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029620" + }, + { + "name": "64831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64831" + }, + { + "name": "56474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56474" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5914.json b/2013/5xxx/CVE-2013-5914.json index 7b3b9edc041..f2914db7126 100644 --- a/2013/5xxx/CVE-2013-5914.json +++ b/2013/5xxx/CVE-2013-5914.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04", - "refsource" : "CONFIRM", - "url" : "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04" - }, - { - "name" : "DSA-2782", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04", + "refsource": "CONFIRM", + "url": "https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04" + }, + { + "name": "DSA-2782", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2782" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12349.json b/2017/12xxx/CVE-2017-12349.json index 857ee9c07e9..7c4fa0b00a1 100644 --- a/2017/12xxx/CVE-2017-12349.json +++ b/2017/12xxx/CVE-2017-12349.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco UCS Central Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco UCS Central Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco UCS Central Software", + "version": { + "version_data": [ + { + "version_value": "Cisco UCS Central Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central" - }, - { - "name" : "102018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102018" - }, - { - "name" : "1039924", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039924" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102018" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central" + }, + { + "name": "1039924", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039924" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12632.json b/2017/12xxx/CVE-2017-12632.json index 72d8fc56c0c..597e39e7f16 100644 --- a/2017/12xxx/CVE-2017-12632.json +++ b/2017/12xxx/CVE-2017-12632.json 
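Review bot: `version_value` in the CVE-2017-12349 record repeats the product name (`"Cisco UCS Central Software"`) instead of a version, and `vendor_name` is `"n/a"` even though the assigner is psirt@cisco.com. A consumer comparing installed versions against `version_data` gets a string that can never match, so the record looks populated while carrying no usable version information. The description gives no version range, so `"version_value": "n/a"` (the convention other records in this patch use) together with `"vendor_name": "Cisco"` would state what is actually known until real versions are supplied. CVE-2017-12708 further down has the same pattern with `"Advantech WebAccess"`, and there the description does state a bound (prior to V8.2_20170817).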
@@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-01-12T00:00:00", - "ID" : "CVE-2017-12632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache NiFi", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0 - 1.4.0" - }, - { - "version_value" : "0.1.0 - 0.7.x" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-01-12T00:00:00", + "ID": "CVE-2017-12632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "1.0.0 - 1.4.0" + }, + { + "version_value": "0.1.0 - 0.7.x" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nifi.apache.org/security.html#CVE-2017-12632", - "refsource" : "CONFIRM", - "url" : "https://nifi.apache.org/security.html#CVE-2017-12632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A malicious host 
header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nifi.apache.org/security.html#CVE-2017-12632", + "refsource": "CONFIRM", + "url": "https://nifi.apache.org/security.html#CVE-2017-12632" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12662.json b/2017/12xxx/CVE-2017-12662.json index d42c0dc1d46..c770b55b086 100644 --- a/2017/12xxx/CVE-2017-12662.json +++ b/2017/12xxx/CVE-2017-12662.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/73a2bad43d157acfe360595feee739b4cc4406cb", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/73a2bad43d157acfe360595feee739b4cc4406cb" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/576", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/576" - }, - { - "name" : "100232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/73a2bad43d157acfe360595feee739b4cc4406cb", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/commit/73a2bad43d157acfe360595feee739b4cc4406cb" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/576", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/576" + }, + { + "name": "100232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100232" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12683.json b/2017/12xxx/CVE-2017-12683.json index d32335e3099..c037a0853b6 100644 --- a/2017/12xxx/CVE-2017-12683.json +++ b/2017/12xxx/CVE-2017-12683.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12683", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12683", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/12xxx/CVE-2017-12708.json b/2017/12xxx/CVE-2017-12708.json index d74b9c63588..512e98bc4de 100644 --- a/2017/12xxx/CVE-2017-12708.json +++ b/2017/12xxx/CVE-2017-12708.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech WebAccess" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "Advantech WebAccess" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" - }, - { - "name" : "100526", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Restriction Of Operations Within The Bounds Of A 
Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" + }, + { + "name": "100526", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100526" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13297.json b/2017/13xxx/CVE-2017-13297.json index b663a3ea112..b56e157fd95 100644 --- a/2017/13xxx/CVE-2017-13297.json +++ b/2017/13xxx/CVE-2017-13297.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-13297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-13297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13497.json b/2017/13xxx/CVE-2017-13497.json index 103bc87544a..32023bc2428 100644 --- a/2017/13xxx/CVE-2017-13497.json +++ b/2017/13xxx/CVE-2017-13497.json 
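Review bot: `DATE_PUBLIC` in the CVE-2017-13297 record, `"2018-04-02T00:00:00"`, has no timezone designator, so the disclosure instant is ambiguous by up to a day depending on how the reader interprets it. This matters for anything that orders records or measures patch latency against the public date. If the value is meant as UTC and the record schema accepts a designator (not confirmable from this patch), write `"DATE_PUBLIC": "2018-04-02T00:00:00Z"`. The same applies to CVE-2017-12632, CVE-2017-16094 and CVE-2017-16116 in this patch.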
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13497", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13497", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13821.json b/2017/13xxx/CVE-2017-13821.json index f27947317f0..86ab7394144 100644 --- a/2017/13xxx/CVE-2017-13821.json +++ b/2017/13xxx/CVE-2017-13821.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"CFString\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "1039710", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"CFString\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "1039710", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039710" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16094.json b/2017/16xxx/CVE-2017-16094.json index 4d62368a120..62e9bd82612 100644 --- a/2017/16xxx/CVE-2017-16094.json +++ b/2017/16xxx/CVE-2017-16094.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iter-http node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iter-http node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/iter-http", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/iter-http" - }, - { - "name" : "https://nodesecurity.io/advisories/343", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iter-http is a server for static files. 
iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/343", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/343" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/iter-http", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/iter-http" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16116.json b/2017/16xxx/CVE-2017-16116.json index 3914218c388..daa106ae817 100644 --- a/2017/16xxx/CVE-2017-16116.json +++ b/2017/16xxx/CVE-2017-16116.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "string node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "string node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jprichardson/string.js/issues/212", - "refsource" : "MISC", - "url" : "https://github.com/jprichardson/string.js/issues/212" - }, - { - "name" : "https://nodesecurity.io/advisories/536", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The string module is a module that provides 
extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jprichardson/string.js/issues/212", + "refsource": "MISC", + "url": "https://github.com/jprichardson/string.js/issues/212" + }, + { + "name": "https://nodesecurity.io/advisories/536", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/536" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16259.json b/2017/16xxx/CVE-2017-16259.json index 863ee557160..c9373031cf5 100644 --- a/2017/16xxx/CVE-2017-16259.json +++ b/2017/16xxx/CVE-2017-16259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/16xxx/CVE-2017-16471.json b/2017/16xxx/CVE-2017-16471.json index 94efb13207b..69ecef5aa1b 100644 --- a/2017/16xxx/CVE-2017-16471.json +++ b/2017/16xxx/CVE-2017-16471.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16471", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16471", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16956.json b/2017/16xxx/CVE-2017-16956.json index 72f62ac4083..77db34f553d 100644 --- a/2017/16xxx/CVE-2017-16956.json +++ b/2017/16xxx/CVE-2017-16956.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/b3log/symphony/issues/509", - "refsource" : "CONFIRM", - "url" : "https://github.com/b3log/symphony/issues/509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/b3log/symphony/issues/509", + "refsource": "CONFIRM", + "url": "https://github.com/b3log/symphony/issues/509" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16988.json b/2017/16xxx/CVE-2017-16988.json index 3174a42e526..96d9d410f64 100644 --- a/2017/16xxx/CVE-2017-16988.json +++ b/2017/16xxx/CVE-2017-16988.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16988", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16988", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4461.json b/2017/4xxx/CVE-2017-4461.json index 35272fc9f69..3b6c98d12d9 100644 --- a/2017/4xxx/CVE-2017-4461.json +++ b/2017/4xxx/CVE-2017-4461.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4461", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4461", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4619.json b/2017/4xxx/CVE-2017-4619.json index a2a1b395e0a..b330aa77ec5 100644 --- a/2017/4xxx/CVE-2017-4619.json +++ b/2017/4xxx/CVE-2017-4619.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4619", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4619", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4735.json b/2017/4xxx/CVE-2017-4735.json index 50ccdd82e57..f0c5f268f83 100644 --- a/2017/4xxx/CVE-2017-4735.json +++ b/2017/4xxx/CVE-2017-4735.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4735", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4735", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4982.json b/2017/4xxx/CVE-2017-4982.json index d5a9bb24aee..ff8ae31ee78 100644 --- a/2017/4xxx/CVE-2017-4982.json +++ b/2017/4xxx/CVE-2017-4982.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0 and 8.1.0", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0 and 8.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege management vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0 and 8.1.0", + "version": { + "version_data": [ + { + "version_value": "EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0 and 8.1.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540531/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540531/30/0/threaded" - }, - { - "name" : "98049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege management vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98049" + }, + { + "name": "http://www.securityfocus.com/archive/1/540531/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540531/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18009.json b/2018/18xxx/CVE-2018-18009.json index 7283b600912..7547909b3ba 100644 --- a/2018/18xxx/CVE-2018-18009.json +++ b/2018/18xxx/CVE-2018-18009.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181221 [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Dec/46" - }, - { - "name" : "106336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106336" + }, + { + "name": "20181221 [CVE-2018-18009] dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Dec/46" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18045.json b/2018/18xxx/CVE-2018-18045.json index 1385476b4fa..b7b07bf9885 100644 --- a/2018/18xxx/CVE-2018-18045.json +++ b/2018/18xxx/CVE-2018-18045.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18045", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18045", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18173.json b/2018/18xxx/CVE-2018-18173.json index 4c05e9c4868..16dd55a540b 100644 --- a/2018/18xxx/CVE-2018-18173.json +++ b/2018/18xxx/CVE-2018-18173.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18173", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18173", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18353.json b/2018/18xxx/CVE-2018-18353.json index e6951cb8712..69e8d337700 100644 --- a/2018/18xxx/CVE-2018-18353.json +++ b/2018/18xxx/CVE-2018-18353.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-18353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-18353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/884179", - "refsource" : "MISC", - "url" : "https://crbug.com/884179" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4352" - }, - { - "name" : "RHSA-2018:3803", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3803" - 
}, - { - "name" : "106084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/884179", + "refsource": "MISC", + "url": "https://crbug.com/884179" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:3803", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3803" + }, + { + "name": "DSA-4352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4352" + }, + { + "name": "106084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106084" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18564.json b/2018/18xxx/CVE-2018-18564.json index 1ec86ed296a..d03a0b99377 100644 --- a/2018/18xxx/CVE-2018-18564.json +++ b/2018/18xxx/CVE-2018-18564.json 
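Review bot: The `ASSIGNER` value for CVE-2018-18353 changes from `chrome-cve-admin@google.com` to `security@google.com` in this hunk, while the other changed lines in the section differ only in whitespace (`" : "` to `": "` and re-indentation) or in the order of the reference entries. The commit subject says only "-Synchronized-Data.", so the attribution change is not recorded where a reader of the history would find it. Anything that groups or filters records by `ASSIGNER` will presumably see this entry move. I would land the assigner change in its own commit, or at least name it in the message, e.g. `CVE-2018-18353: ASSIGNER updated to security@google.com`, so it can be told apart from the formatting churn.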
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01" - }, - { - "name" : "105843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x 
before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01" + }, + { + "name": "105843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105843" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5356.json b/2018/5xxx/CVE-2018-5356.json index 0bcf0135442..c00bea7ca00 100644 --- a/2018/5xxx/CVE-2018-5356.json +++ b/2018/5xxx/CVE-2018-5356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5356", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5356", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/5xxx/CVE-2018-5837.json b/2018/5xxx/CVE-2018-5837.json index e16d88f18e7..91b3525489d 100644 --- a/2018/5xxx/CVE-2018-5837.json +++ b/2018/5xxx/CVE-2018-5837.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-5837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cryptographic Issues in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-5837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptographic Issues in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5902.json b/2018/5xxx/CVE-2018-5902.json index cc3d595c1d0..cb660d978fd 100644 --- a/2018/5xxx/CVE-2018-5902.json +++ b/2018/5xxx/CVE-2018-5902.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file