From 0fd05b4bcc8c7f2cc593a07c2a090a8807e0ed2c Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:07:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2001/0xxx/CVE-2001-0093.json | 120 +++++------
2001/1xxx/CVE-2001-1390.json | 210 ++++++++++----------
2001/1xxx/CVE-2001-1537.json | 140 ++++++-------
2006/2xxx/CVE-2006-2463.json | 120 +++++------
2006/2xxx/CVE-2006-2511.json | 150 +++++++-------
2006/2xxx/CVE-2006-2720.json | 140 ++++++-------
2006/2xxx/CVE-2006-2722.json | 130 ++++++------
2006/2xxx/CVE-2006-2965.json | 160 +++++++--------
2008/5xxx/CVE-2008-5197.json | 150 +++++++-------
2011/2xxx/CVE-2011-2434.json | 160 +++++++--------
2011/2xxx/CVE-2011-2521.json | 160 +++++++--------
2011/2xxx/CVE-2011-2689.json | 210 ++++++++++----------
2011/2xxx/CVE-2011-2749.json | 350 ++++++++++++++++-----------------
2011/3xxx/CVE-2011-3044.json | 280 +++++++++++++-------------
2011/3xxx/CVE-2011-3097.json | 180 ++++++++---------
2011/4xxx/CVE-2011-4167.json | 140 ++++++-------
2011/4xxx/CVE-2011-4726.json | 130 ++++++------
2013/0xxx/CVE-2013-0358.json | 130 ++++++------
2013/0xxx/CVE-2013-0475.json | 130 ++++++------
2013/0xxx/CVE-2013-0722.json | 170 ++++++++--------
2013/1xxx/CVE-2013-1043.json | 180 ++++++++---------
2013/1xxx/CVE-2013-1332.json | 150 +++++++-------
2013/1xxx/CVE-2013-1355.json | 34 ++--
2013/1xxx/CVE-2013-1368.json | 170 ++++++++--------
2013/5xxx/CVE-2013-5450.json | 130 ++++++------
2013/5xxx/CVE-2013-5502.json | 140 ++++++-------
2013/5xxx/CVE-2013-5932.json | 140 ++++++-------
2014/2xxx/CVE-2014-2034.json | 160 +++++++--------
2014/2xxx/CVE-2014-2049.json | 120 +++++------
2014/2xxx/CVE-2014-2068.json | 140 ++++++-------
2017/0xxx/CVE-2017-0117.json | 150 +++++++-------
2017/0xxx/CVE-2017-0959.json | 34 ++--
2017/12xxx/CVE-2017-12050.json | 34 ++--
2017/12xxx/CVE-2017-12564.json | 130 ++++++------
2017/12xxx/CVE-2017-12720.json | 130 ++++++------
2017/16xxx/CVE-2017-16110.json | 132 ++++++-------
2017/16xxx/CVE-2017-16121.json | 132 ++++++-------
2017/16xxx/CVE-2017-16201.json | 132 ++++++-------
2017/16xxx/CVE-2017-16815.json | 130 ++++++------
2017/16xxx/CVE-2017-16922.json | 120 +++++------
2017/4xxx/CVE-2017-4202.json | 34 ++--
2017/4xxx/CVE-2017-4257.json | 34 ++--
2018/18xxx/CVE-2018-18239.json | 34 ++--
2018/5xxx/CVE-2018-5412.json | 122 ++++++------
2018/5xxx/CVE-2018-5553.json | 266 ++++++++++++-------------
2018/5xxx/CVE-2018-5807.json | 160 +++++++--------
2018/5xxx/CVE-2018-5993.json | 120 +++++------
47 files changed, 3309 insertions(+), 3309 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0093.json b/2001/0xxx/CVE-2001-0093.json
index 45314881fd4..f267a35a496 100644
--- a/2001/0xxx/CVE-2001-0093.json
+++ b/2001/0xxx/CVE-2001-0093.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "NetBSD-SA2000-017", - "refsource" : "NETBSD", - "url" : "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "NetBSD-SA2000-017", + "refsource": "NETBSD", + "url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1390.json b/2001/1xxx/CVE-2001-1390.json index cfe68b828f8..b7d9b7d3a3a 100644 --- a/2001/1xxx/CVE-2001-1390.json +++ b/2001/1xxx/CVE-2001-1390.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010405 Trustix Security Advisory #2001-0003 - kernel", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98653252326445&w=2" - }, - { - "name" : "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98684172109474&w=2" - }, - { - "name" : "IMNX-2001-70-010-01", - "refsource" : "IMMUNIX", - "url" : "http://marc.info/?l=bugtraq&m=98575345009963&w=2" - }, - { - "name" : "CSSA-2001-012.0", - "refsource" : "CALDERA", - "url" : "http://marc.info/?l=bugtraq&m=98637996127004&w=2" - }, - { - "name" : "MDKSA-2001:037", - "refsource" : "MANDRAKE", - "url" : "http://marc.info/?l=bugtraq&m=98759029811377&w=2" - }, - { - "name" : "DSA-047", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2001/dsa-047" - }, 
- { - "name" : "SuSE-SA:2001:18", - "refsource" : "SUSE", - "url" : "http://marc.info/?l=bugtraq&m=99013830726309&w=2" - }, - { - "name" : "http://www.linux.org.uk/VERSION/relnotes.2219.html", - "refsource" : "CONFIRM", - "url" : "http://www.linux.org.uk/VERSION/relnotes.2219.html" - }, - { - "name" : "CLA-2001:394", - "refsource" : "CONECTIVA", - "url" : "http://marc.info/?l=bugtraq&m=98775114228203&w=2" - }, - { - "name" : "RHSA-2001:047", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-047.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2001:047", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-047.html" + }, + { + "name": "CSSA-2001-012.0", + "refsource": "CALDERA", + "url": "http://marc.info/?l=bugtraq&m=98637996127004&w=2" + }, + { + "name": "http://www.linux.org.uk/VERSION/relnotes.2219.html", + "refsource": "CONFIRM", + "url": "http://www.linux.org.uk/VERSION/relnotes.2219.html" + }, + { + "name": "SuSE-SA:2001:18", + "refsource": "SUSE", + "url": "http://marc.info/?l=bugtraq&m=99013830726309&w=2" + }, + { + "name": "DSA-047", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2001/dsa-047" + }, + { + "name": "MDKSA-2001:037", + "refsource": "MANDRAKE", + "url": "http://marc.info/?l=bugtraq&m=98759029811377&w=2" + }, + { + "name": "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98684172109474&w=2" + }, + { + "name": "IMNX-2001-70-010-01", + "refsource": "IMMUNIX", 
+ "url": "http://marc.info/?l=bugtraq&m=98575345009963&w=2" + }, + { + "name": "CLA-2001:394", + "refsource": "CONECTIVA", + "url": "http://marc.info/?l=bugtraq&m=98775114228203&w=2" + }, + { + "name": "20010405 Trustix Security Advisory #2001-0003 - kernel", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98653252326445&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1537.json b/2001/1xxx/CVE-2001-1537.json index d8b848a0e7f..bef8989139a 100644 --- a/2001/1xxx/CVE-2001-1537.json +++ b/2001/1xxx/CVE-2001-1537.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default \"basic\" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011128 TWIG default configurations may lead to insecure auth-cookie password storage", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html" - }, - { - "name" : "3591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3591" - }, - { - "name" : "twig-password-plaintext-cookie(7619)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7619.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default \"basic\" security setting' in config.php for TWIG webmail 2.7.4 and earlier 
stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011128 TWIG default configurations may lead to insecure auth-cookie password storage", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html" + }, + { + "name": "3591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3591" + }, + { + "name": "twig-password-plaintext-cookie(7619)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7619.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2463.json b/2006/2xxx/CVE-2006-2463.json index b667f35f29e..3577225f721 100644 --- a/2006/2xxx/CVE-2006-2463.json +++ b/2006/2xxx/CVE-2006-2463.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1016085", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016085", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016085" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2511.json b/2006/2xxx/CVE-2006-2511.json index b355b7dfb59..95e523c94c5 100644 --- a/2006/2xxx/CVE-2006-2511.json +++ b/2006/2xxx/CVE-2006-2511.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the \"Open With...\" dialog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060516 FrontRange iHeat Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434400/100/0/threaded" - }, - { - "name" : "1016124", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016124" - }, - { - "name" : "20165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20165" - }, - { - "name" : "frontrange-iheat-unauth-access(26711)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the \"Open With...\" dialog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016124", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016124" + }, + { + "name": "frontrange-iheat-unauth-access(26711)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26711" + }, + { + "name": "20165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20165" + }, + { + "name": "20060516 FrontRange iHeat Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434400/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2720.json b/2006/2xxx/CVE-2006-2720.json index f80d23149d2..aa742f5f2ab 100644 --- a/2006/2xxx/CVE-2006-2720.json +++ b/2006/2xxx/CVE-2006-2720.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 VARIOMAT(advanced cms tool)SQL injection/XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435290/100/0/threaded" - }, - { - "name" : "999", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/999" - }, - { - "name" : "variomat-news-sql-injection(26872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "999", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/999" + }, + { + "name": "variomat-news-sql-injection(26872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26872" + }, + { + "name": "20060528 VARIOMAT(advanced cms tool)SQL injection/XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435290/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2722.json b/2006/2xxx/CVE-2006-2722.json index 6c2e0613298..0ac13925dad 100644 --- a/2006/2xxx/CVE-2006-2722.json +++ b/2006/2xxx/CVE-2006-2722.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18196" - }, - { - "name" : "selectapix-multiple-scripts-sql0injection(27013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18196" + }, + { + "name": "selectapix-multiple-scripts-sql0injection(27013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27013" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2965.json b/2006/2xxx/CVE-2006-2965.json index 7a46f4441fa..2e92cb7eaa7 100644 --- a/2006/2xxx/CVE-2006-2965.json +++ b/2006/2xxx/CVE-2006-2965.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the \"input box.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060606 ParticleSoft Whois v1.0.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436113/100/0/threaded" - }, - { - "name" : "ADV-2006-2168", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2168" - }, - { - "name" : "20490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20490" - }, - { - "name" : "1071", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1071" - }, - { - "name" : "particlewhois-index-xss(26954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the \"input box.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060606 ParticleSoft Whois v1.0.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436113/100/0/threaded" + }, + { + "name": "particlewhois-index-xss(26954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26954" + }, + { + "name": "1071", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1071" + }, + { + "name": "ADV-2006-2168", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2168" + }, + { + "name": "20490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20490" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5197.json b/2008/5xxx/CVE-2008-5197.json index e1386eec1a1..d1a0dcd3659 100644 --- a/2008/5xxx/CVE-2008-5197.json +++ b/2008/5xxx/CVE-2008-5197.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5961", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5961" - }, - { - "name" : "29995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29995" - }, - { - "name" : "4640", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4640" - }, - { - "name" : "classifieds-classifieds-sql-injection(43561)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands 
via the lid parameter in a detail_adverts action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4640", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4640" + }, + { + "name": "29995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29995" + }, + { + "name": "classifieds-classifieds-sql-injection(43561)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43561" + }, + { + "name": "5961", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5961" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2434.json b/2011/2xxx/CVE-2011-2434.json index 20d3a0d4c5c..8394805a4c2 100644 --- a/2011/2xxx/CVE-2011-2434.json +++ b/2011/2xxx/CVE-2011-2434.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html" - }, - { - "name" : "SUSE-SA:2011:044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html" - }, - { - "name" : "SUSE-SU-2011:1239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2011:1238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:13217", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-24.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-24.html" + }, + { + "name": "oval:org.mitre.oval:def:13217", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13217" + }, + { + "name": "SUSE-SU-2011:1239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html" + }, + { + "name": "SUSE-SA:2011:044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html" + }, + { + "name": "openSUSE-SU-2011:1238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2521.json b/2011/2xxx/CVE-2011-2521.json index f325b5534b8..dc9264eec03 100644 --- a/2011/2xxx/CVE-2011-2521.json +++ b/2011/2xxx/CVE-2011-2521.json 
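Review bot: The only semantic change on the new side of CVE-2011-2434.json, `"ASSIGNER": "psirt@adobe.com"` replacing `cve@mitre.org`, is buried in a whole-file re-indent and a reshuffle of `reference_data`, and the commit subject ("-Synchronized-Data.") does not mention it. A change to a provenance field is the kind of edit a consumer auditing this record wants to see in isolation, so the formatting-only rewrite would be better landed separately, or the changed field named in the commit message. The same pattern appears in the CVE-2011-2521.json hunk that follows (`"ASSIGNER": "secalert@redhat.com"`). The new side also drops the trailing newline (`\ No newline at end of file`) here and in the other files of this patch; ending each file with a newline after the closing `}` keeps later diffs clean.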
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110706 Re: CVE request: kernel: perf, x86: fix Intel fixed counters base initialization", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/06/4" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc66c5210ec2539e800e87d7b3a985323c7be96e", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc66c5210ec2539e800e87d7b3a985323c7be96e" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=719228", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=719228" - }, - { - "name" : "https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc66c5210ec2539e800e87d7b3a985323c7be96e", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc66c5210ec2539e800e87d7b3a985323c7be96e" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "[oss-security] 20110706 Re: CVE request: kernel: perf, x86: fix Intel fixed counters base initialization", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2011/07/06/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=719228", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=719228" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2689.json b/2011/2xxx/CVE-2011-2689.json index e5f1767c303..e7f673209d7 100644 --- a/2011/2xxx/CVE-2011-2689.json +++ b/2011/2xxx/CVE-2011-2689.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110713 CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/13/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6905d9e4dda6112f007e9090bca80507da158e63", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6905d9e4dda6112f007e9090bca80507da158e63" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1", - "refsource" : 
"CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=720861", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=720861" - }, - { - "name" : "HPSBGN02970", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2" - }, - { - "name" : "RHSA-2011:1065", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1065.html" - }, - { - "name" : "48677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48677" - }, - { - "name" : "1025776", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025776" - }, - { - "name" : "45193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45193" - }, - { - "name" : "linux-kernel-gfs2-dos(68557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110713 CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/13/1" + }, + { + "name": "RHSA-2011:1065", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1065.html" + }, + { + "name": "linux-kernel-gfs2-dos(68557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68557" + }, + { + "name": "1025776", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025776" + }, + { + "name": "48677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48677" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1" + }, + { + "name": "45193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45193" + }, + { + "name": "HPSBGN02970", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6905d9e4dda6112f007e9090bca80507da158e63", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6905d9e4dda6112f007e9090bca80507da158e63" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=720861", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720861" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2749.json b/2011/2xxx/CVE-2011-2749.json index 1e910662430..f253c4fd938 100644 --- a/2011/2xxx/CVE-2011-2749.json +++ b/2011/2xxx/CVE-2011-2749.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" - }, - { - "name" : "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" - }, - { - "name" : "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" - }, - { - "name" : "http://www.isc.org/software/dhcp/advisories/cve-2011-2748", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" - }, - { - 
"name" : "https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=729382", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=729382" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" - }, - { - "name" : "DSA-2292", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2292" - }, - { - "name" : "FEDORA-2011-10705", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" - }, - { - "name" : "GLSA-201301-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201301-06.xml" - }, - { - "name" : "MDVSA-2011:128", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" - }, - { - "name" : "RHSA-2011:1160", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1160.html" - }, - { - "name" : "SUSE-SU-2011:1023", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/11695711" - }, - { - "name" : "openSUSE-SU-2011:1021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" - }, - { - "name" : "USN-1190-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1190-1" - }, - { - "name" : "49120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49120" - }, - { - "name" : "1025918", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025918" - }, - { - "name" : "45582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45582" - }, - { - "name" : "45595", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/45595" - }, - { - "name" : "45629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45629" - }, - { - "name" : "45639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45639" - }, - { - "name" : "45817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45817" - }, - { - "name" : "45918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45918" - }, - { - "name" : "46780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1190-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1190-1" + }, + { + "name": "FEDORA-2011-10705", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" + }, + { + "name": "45595", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45595" + }, + { + "name": "openSUSE-SU-2011:1021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" + }, + { + "name": "DSA-2292", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2292" + }, + { + "name": "RHSA-2011:1160", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html" + }, + { + "name": "1025918", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025918" + }, + { + "name": "45817", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45817" + }, + { + "name": "49120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49120" + }, + { + "name": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html", + "refsource": "CONFIRM", + "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" + }, + { + "name": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html", + "refsource": "CONFIRM", + "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" + }, + { + "name": "45582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45582" + }, + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff" + }, + { + "name": "45918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45918" + }, + { + "name": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748", + "refsource": "CONFIRM", + "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" + }, + { + "name": "GLSA-201301-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" + }, + { + "name": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html", + "refsource": "CONFIRM", + "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" + }, + { + "name": "45639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45639" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=729382", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382" + }, + { + "name": "45629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45629" + }, + { + "name": "SUSE-SU-2011:1023", + 
"refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/11695711" + }, + { + "name": "MDVSA-2011:128", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" + }, + { + "name": "46780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46780" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3044.json b/2011/3xxx/CVE-2011-3044.json index 7f921e0e190..bfa4f376bf2 100644 --- a/2011/3xxx/CVE-2011-3044.json +++ b/2011/3xxx/CVE-2011-3044.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=116093", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=116093" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - 
"url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201203-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" - }, - { - "name" : "openSUSE-SU-2012:0374", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" - }, - { - "name" : "52271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52271" - }, - { - "name" : "oval:org.mitre.oval:def:14830", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14830" - }, - { - "name" : "1026759", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026759" - }, - { - "name" : "48527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48527" - }, - { - "name" : "48419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48419" - }, - { - "name" : "48265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48265" - }, - { - "name" : "google-svg-animation-code-exec(73655)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via 
vectors involving SVG animation elements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=116093", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=116093" + }, + { + "name": "oval:org.mitre.oval:def:14830", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14830" + }, + { + "name": "1026759", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026759" + }, + { + "name": "48527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48527" + }, + { + "name": "48265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48265" + }, + { + "name": "48419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48419" + }, + { + "name": "openSUSE-SU-2012:0374", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "52271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52271" + }, + { + "name": "GLSA-201203-19", + 
"refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "google-svg-animation-code-exec(73655)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73655" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3097.json b/2011/3xxx/CVE-2011-3097.json index 1214807cf06..53af2498b84 100644 --- a/2011/3xxx/CVE-2011-3097.json +++ b/2011/3xxx/CVE-2011-3097.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=123733", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=123733" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=124182", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=124182" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" - }, - { - "name" : "53540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53540" - }, - { - "name" : 
"oval:org.mitre.oval:def:15422", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15422" - }, - { - "name" : "1027067", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027067" - }, - { - "name" : "chrome-sampled-functions-code-exec(75602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15422", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15422" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=123733", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=123733" + }, + { + "name": "1027067", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027067" + }, + { + "name": "chrome-sampled-functions-code-exec(75602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75602" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" + }, + { + "name": "53540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53540" + }, + { + "name": 
"http://code.google.com/p/chromium/issues/detail?id=124182", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=124182" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4167.json b/2011/4xxx/CVE-2011-4167.json index 6d3b96d9281..1c226d8b83a 100644 --- a/2011/4xxx/CVE-2011-4167.json +++ b/2011/4xxx/CVE-2011-4167.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-4167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-353/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-353/" - }, - { - "name" : "HPSBPI02732", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" - }, - { - "name" : "SSRT100435", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing 
Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI02732", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" + }, + { + "name": "SSRT100435", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-353/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-353/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4726.json b/2011/4xxx/CVE-2011-4726.json index 526bd2da1e6..757c677d76e 100644 --- a/2011/4xxx/CVE-2011-4726.json +++ b/2011/4xxx/CVE-2011-4726.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" - }, - { - "name" : "plesk-server-xss(72333)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "plesk-server-xss(72333)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72333" + }, + { + "name": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0358.json b/2013/0xxx/CVE-2013-0358.json index 5d788ebd848..7ab31a9c9ba 100644 --- a/2013/0xxx/CVE-2013-0358.json +++ b/2013/0xxx/CVE-2013-0358.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise 
Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0475.json b/2013/0xxx/CVE-2013-0475.json index 25cbb47c89a..867f6917e06 100644 --- a/2013/0xxx/CVE-2013-0475.json +++ b/2013/0xxx/CVE-2013-0475.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0567." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" - }, - { - "name" : "sterling-b2b-cve20130475-infodisc(81403)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users 
to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0567." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sterling-b2b-cve20130475-infodisc(81403)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81403" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0722.json b/2013/0xxx/CVE-2013-0722.json index a3b3b18fe1b..a278243e652 100644 --- a/2013/0xxx/CVE-2013-0722.json +++ b/2013/0xxx/CVE-2013-0722.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-0722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23945", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/23945/" - }, - { - "name" : "http://www.securation.com/files/2013/01/ec.patch", - "refsource" : "MISC", - "url" : "http://www.securation.com/files/2013/01/ec.patch" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=451198", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=451198" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=894092", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=894092" - }, - { - "name" : "57175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57175" - }, - { - "name" : "51731", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/51731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securation.com/files/2013/01/ec.patch", + "refsource": "MISC", + "url": "http://www.securation.com/files/2013/01/ec.patch" + }, + { + "name": "23945", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/23945/" + }, + { + "name": "51731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51731" + }, + { + "name": "57175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57175" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=451198", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=451198" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=894092", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=894092" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1043.json b/2013/1xxx/CVE-2013-1043.json index 9a27ea3994b..fc9ec3e2a1c 100644 --- a/2013/1xxx/CVE-2013-1043.json +++ b/2013/1xxx/CVE-2013-1043.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-1043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "http://support.apple.com/kb/HT6001", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6001" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "APPLE-SA-2013-10-22-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" - }, - { - "name" : "APPLE-SA-2013-10-22-8", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" - }, - { - "name" : "1029054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029054" - }, - { - "name" : "54886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-10-22-8", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" + }, + { + "name": "1029054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029054" + }, + { + "name": "http://support.apple.com/kb/HT6001", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6001" + }, + { + "name": "APPLE-SA-2013-10-22-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" + }, + { + "name": "54886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54886" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1332.json b/2013/1xxx/CVE-2013-1332.json index 33e93ce7eda..0401df9f353 100644 
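Review bot: The `reference_data` entries on the new side follow no visible sort key; this hunk starts with `APPLE-SA-2013-10-22-8`, then `1029054`, then `http://support.apple.com/kb/HT6001`, where the old side grouped them by `refsource`. The CVE-2013-0722 and CVE-2013-1368 hunks are shuffled the same way. Array order does not change the meaning of the record, but an unstable order makes every sync rewrite the whole block. Here it hides that the one value that changed is `ASSIGNER`, now `product-security@apple.com`. Writing the references in a fixed order (for example sorted by `refsource`, then `name`) would leave provenance changes like that as the only lines in the diff.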
--- a/2013/1xxx/CVE-2013-1332.json +++ b/2013/1xxx/CVE-2013-1332.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka \"DirectX Graphics Kernel Subsystem Double Fetch Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-046", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-046" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16332", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16332" - }, - { - "name" : "53385", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/53385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka \"DirectX Graphics Kernel Subsystem Double Fetch Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "oval:org.mitre.oval:def:16332", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16332" + }, + { + "name": "MS13-046", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-046" + }, + { + "name": "53385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53385" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1355.json b/2013/1xxx/CVE-2013-1355.json index cb2e6488646..32764c0f40a 100644 --- a/2013/1xxx/CVE-2013-1355.json +++ b/2013/1xxx/CVE-2013-1355.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1355", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate subsequently withdrew it. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-1355", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate subsequently withdrew it. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1368.json b/2013/1xxx/CVE-2013-1368.json index 9c750cacae4..f5af73ca66e 100644 --- a/2013/1xxx/CVE-2013-1368.json +++ b/2013/1xxx/CVE-2013-1368.json 
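Review bot: This REJECT record is written with a different key order from every other record in the patch: `data_type`, `data_format`, `data_version` come first and `CVE_data_meta` lists `ID` before `ASSIGNER`, while the PUBLIC records start with `CVE_data_meta` and keep keys alphabetical. Presumably rejected entries go through a separate serialization path; that cannot be confirmed from the hunk. Key order carries no meaning in JSON, but emitting this record with the same sorted key order as the others would keep the repository uniform and leave future diffs of rejected entries limited to real changes.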
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-1368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html" - }, - { - "name" : "RHSA-2013:0254", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0254.html" - }, - { - "name" : "SUSE-SU-2013:0296", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0295", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html" - }, - { - "name" : "openSUSE-SU-2013:0298", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html" - }, - { - "name" : "TA13-043A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via 
unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0296", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html" + }, + { + "name": "RHSA-2013:0254", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0254.html" + }, + { + "name": "openSUSE-SU-2013:0295", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html" + }, + { + "name": "openSUSE-SU-2013:0298", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html" + }, + { + "name": "TA13-043A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-05.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-05.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5450.json b/2013/5xxx/CVE-2013-5450.json index 64b107ea736..65742a06022 100644 --- a/2013/5xxx/CVE-2013-5450.json +++ b/2013/5xxx/CVE-2013-5450.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655578", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655578" - }, - { - "name" : "ibm-appscan-cve20135450-info-disc(88190)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an 
improperly protected URL to obtain a session token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-appscan-cve20135450-info-disc(88190)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88190" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655578", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655578" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5502.json b/2013/5xxx/CVE-2013-5502.json index 603239fdcc4..477fd5c189a 100644 --- a/2013/5xxx/CVE-2013-5502.json +++ b/2013/5xxx/CVE-2013-5502.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30934", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30934" - }, - { - "name" : "20130920 Cisco MediaSense Sensitive Data in Query String/Cookie Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5502" - }, - { - "name" : "97532", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface in Cisco 
MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130920 Cisco MediaSense Sensitive Data in Query String/Cookie Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5502" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30934", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30934" + }, + { + "name": "97532", + "refsource": "OSVDB", + "url": "http://osvdb.org/97532" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5932.json b/2013/5xxx/CVE-2013-5932.json index 25bcda057ba..4789c99fa64 100644 --- a/2013/5xxx/CVE-2013-5932.json +++ b/2013/5xxx/CVE-2013-5932.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/", - "refsource" : "CONFIRM", - "url" : "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/" - }, - { - "name" : "1029039", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029039" - }, - { - "name" : "54881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54881" + }, + { + "name": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/", + "refsource": "CONFIRM", + "url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/" + }, + { + "name": "1029039", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029039" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2034.json b/2014/2xxx/CVE-2014-2034.json index f7db69ecb95..0d9d6332bf3 100644 --- a/2014/2xxx/CVE-2014-2034.json +++ b/2014/2xxx/CVE-2014-2034.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to \"an unauthenticated execution path.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus", - "refsource" : "CONFIRM", - "url" : "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus" - }, - { - "name" : "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API", - "refsource" : "CONFIRM", - "url" : "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API" - }, - { - "name" : "65956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65956" - }, - { - "name" : "104049", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/104049" - }, - { - "name" : "57142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57142" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to \"an unauthenticated execution path.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus", + "refsource": "CONFIRM", + "url": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus" + }, + { + "name": "104049", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/104049" + }, + { + "name": "57142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57142" + }, + { + "name": "65956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65956" + }, + { + "name": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API", + "refsource": "CONFIRM", + "url": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2049.json b/2014/2xxx/CVE-2014-2049.json index 32b85411663..4da3b2fa101 100644 --- a/2014/2xxx/CVE-2014-2049.json +++ b/2014/2xxx/CVE-2014-2049.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2014-003/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2014-003/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2068.json b/2014/2xxx/CVE-2014-2068.json index d4ac0d14487..d597c6aefce 100644 --- a/2014/2xxx/CVE-2014-2068.json +++ b/2014/2xxx/CVE-2014-2068.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-2068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/21/2" - }, - { - "name" : "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb", - "refsource" : "CONFIRM", - "url" : "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb", + "refsource": "CONFIRM", + "url": "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb" + }, + { + "name": "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0117.json b/2017/0xxx/CVE-2017-0117.json index b1f6e16ae04..19f4890da0e 100644 --- a/2017/0xxx/CVE-2017-0117.json +++ b/2017/0xxx/CVE-2017-0117.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41655/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117" - }, - { - "name" : "96679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96679" - }, - { - "name" : "1037992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037992" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117" + }, + { + "name": "41655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41655/" + }, + { + "name": "96679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96679" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0959.json b/2017/0xxx/CVE-2017-0959.json index acaa8fcb334..47474439ea0 100644 --- a/2017/0xxx/CVE-2017-0959.json +++ b/2017/0xxx/CVE-2017-0959.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0959", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0959", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12050.json b/2017/12xxx/CVE-2017-12050.json index 977aa6548f4..3bb25d3e91c 100644 --- a/2017/12xxx/CVE-2017-12050.json +++ b/2017/12xxx/CVE-2017-12050.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12050", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12050", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12564.json b/2017/12xxx/CVE-2017-12564.json index 9cba3ae3f47..f65e5d7d70b 100644 --- a/2017/12xxx/CVE-2017-12564.json +++ b/2017/12xxx/CVE-2017-12564.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/601", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/601" - }, - { - "name" : "100161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100161" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/601", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/601" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12720.json b/2017/12xxx/CVE-2017-12720.json index bdebd1d16ca..bfe849cbd70 100644 --- a/2017/12xxx/CVE-2017-12720.json +++ b/2017/12xxx/CVE-2017-12720.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump", - "version" : { - "version_data" : [ - { - "version_value" : "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump", + "version": { + "version_data": [ + { + "version_value": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" - }, - { - "name" : "100665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" + }, + { + "name": "100665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100665" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16110.json b/2017/16xxx/CVE-2017-16110.json index f83ebca39d1..973d4abe5dd 100644 --- a/2017/16xxx/CVE-2017-16110.json +++ b/2017/16xxx/CVE-2017-16110.json 
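Review bot: The `affects` block for CVE-2017-12720 is carried over unchanged and cannot be used for automated matching: `vendor_name` is `n/a` and `version_value` repeats the product name, while the description names versions 1.1, 1.5 and 1.6. An unauthenticated FTP service on an infusion pump is a record that asset inventories need to match, so the structured fields should hold what the description already states, with one `version_data` entry per version such as `"version_value": "1.1"`. The vendor is presumably the one in the product name, which should be confirmed with the assigner before `vendor_name` is filled in.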
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "weather.swlyons node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "weather.swlyons node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/weather.swlyons", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/weather.swlyons" - }, - { - "name" : "https://nodesecurity.io/advisories/379", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/379", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/379" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/weather.swlyons", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/weather.swlyons" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16121.json b/2017/16xxx/CVE-2017-16121.json index 4fe19e1cea1..f3b5ef93140 100644 --- a/2017/16xxx/CVE-2017-16121.json +++ b/2017/16xxx/CVE-2017-16121.json 
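Review bot: `"vendor_name": "HackerOne"` in the `affects` block names what appears to be the assigning party (`ASSIGNER` is `support@hackerone.com`), not the maintainer of the weather.swlyons package. `"version_value": "All versions"` is also free text, not a version range. The CVE-2017-16121 and CVE-2017-16201 hunks that follow carry the same two values. Scanners that join on vendor and version would either miss these packages or attribute them to the wrong party; if the maintainer is not known, `"vendor_name": "n/a"` as used in the other records here would at least not mislead.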
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "datachannel-client node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "datachannel-client node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/datachannel-client", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/datachannel-client" - }, - { - "name" : "https://nodesecurity.io/advisories/391", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/391", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/391" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/datachannel-client", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/datachannel-client" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16201.json b/2017/16xxx/CVE-2017-16201.json index b9338922ca2..df05e612684 100644 --- a/2017/16xxx/CVE-2017-16201.json +++ b/2017/16xxx/CVE-2017-16201.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "zjjserver node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zjjserver node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/zjjserver", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/zjjserver" - }, - { - "name" : "https://nodesecurity.io/advisories/427", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zjjserver is a static file server. 
zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/zjjserver", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/zjjserver" + }, + { + "name": "https://nodesecurity.io/advisories/427", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/427" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16815.json b/2017/16xxx/CVE-2017-16815.json index 8888fbe3762..b40b355b15f 100644 --- a/2017/16xxx/CVE-2017-16815.json +++ b/2017/16xxx/CVE-2017-16815.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values \"url_new\" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and \"logging\" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html" - }, - { - "name" : "https://snapcreek.com/duplicator/docs/changelog", - "refsource" : "MISC", - "url" : "https://snapcreek.com/duplicator/docs/changelog" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "installer.php in 
the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values \"url_new\" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and \"logging\" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html" + }, + { + "name": "https://snapcreek.com/duplicator/docs/changelog", + "refsource": "MISC", + "url": "https://snapcreek.com/duplicator/docs/changelog" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16922.json b/2017/16xxx/CVE-2017-16922.json index 6aa6e4b8370..31ffe6bfdb6 100644 --- a/2017/16xxx/CVE-2017-16922.json +++ b/2017/16xxx/CVE-2017-16922.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt", + "refsource": "CONFIRM", + "url": "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4202.json b/2017/4xxx/CVE-2017-4202.json index bb5cde63c93..76bff1cd9d1 100644 --- a/2017/4xxx/CVE-2017-4202.json +++ b/2017/4xxx/CVE-2017-4202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4202", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4202", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4257.json b/2017/4xxx/CVE-2017-4257.json index 6eafa897aef..0dc2742cf0d 100644 --- a/2017/4xxx/CVE-2017-4257.json +++ b/2017/4xxx/CVE-2017-4257.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4257", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4257", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18239.json b/2018/18xxx/CVE-2018-18239.json index abd569957bc..b4ef589ba7a 100644 --- a/2018/18xxx/CVE-2018-18239.json +++ b/2018/18xxx/CVE-2018-18239.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18239", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18239", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5412.json b/2018/5xxx/CVE-2018-5412.json index 99d8b6a47c5..944a964fb2b 100644 --- a/2018/5xxx/CVE-2018-5412.json +++ b/2018/5xxx/CVE-2018-5412.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2018-5412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SecureSphere", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "12.0.0.50" - } - ] - } - } - ] - }, - "vendor_name" : "Imperva" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2018-5412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SecureSphere", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "12.0.0.50" + } + ] + } + } + ] + }, + "vendor_name": "Imperva" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45132", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45132", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45132" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/5xxx/CVE-2018-5553.json b/2018/5xxx/CVE-2018-5553.json index 6b6d8d51c1d..ee0dcbd2d8d 100644 --- a/2018/5xxx/CVE-2018-5553.json +++ b/2018/5xxx/CVE-2018-5553.json 
@@ -1,135 +1,135 @@ { - "CVE_data_meta" : { - "AKA" : "", - "ASSIGNER" : "cve@rapid7.com", - "DATE_PUBLIC" : "2018-06-12T10:00:00.000Z", - "ID" : "CVE-2018-5553", - "STATE" : "PUBLIC", - "TITLE" : "Crestron DGE-100 Console Command Injection (FIXED)" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DGE-100", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "platform" : "", - "version_name" : "", - "version_value" : "1.3384.00049.001" - } - ] - } - }, - { - "product_name" : "TS-1542-C", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "platform" : "", - "version_name" : "", - "version_value" : "1.3384.00049.001" - } - ] - } - }, - { - "product_name" : "DM-DGE-200-C", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "platform" : "", - "version_name" : "", - "version_value" : "1.3384.00049.001" - } - ] - } - } - ] - }, - "vendor_name" : "Crestron" - } - ] - } - }, - "configuration" : [], - "credit" : [ - { - "lang" : "eng", - "value" : "This issue was discovered by Rapid7 researchers Cale Black and Jordan Larose. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access." 
- } - ] - }, - "exploit" : [], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.8, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : " CWE-78 (Improper Neutralization of Special Elements used in an OS Command)" - } + "CVE_data_meta": { + "AKA": "", + "ASSIGNER": "cve@rapid7.com", + "DATE_PUBLIC": "2018-06-12T10:00:00.000Z", + "ID": "CVE-2018-5553", + "STATE": "PUBLIC", + "TITLE": "Crestron DGE-100 Console Command Injection (FIXED)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DGE-100", + "version": { + "version_data": [ + { + "affected": "<=", + "platform": "", + "version_name": "", + "version_value": "1.3384.00049.001" + } + ] + } + }, + { + "product_name": "TS-1542-C", + "version": { + "version_data": [ + { + "affected": "<=", + "platform": "", + "version_name": "", + "version_value": "1.3384.00049.001" + } + ] + } + }, + { + "product_name": "DM-DGE-200-C", + "version": { + "version_data": [ + { + "affected": "<=", + "platform": "", + "version_name": "", + "version_value": "1.3384.00049.001" + } + ] + } + } + ] + }, + "vendor_name": "Crestron" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/" - }, - { - "name" : 
"https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553", - "refsource" : "CONFIRM", - "url" : "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Users should update affected devices to the latest firmware version (1.3384.00059.001 or higher) available from Crestron's product pages." - } - ], - "source" : { - "advisory" : "R7-2018-15", - "defect" : [], - "discovery" : "EXTERNAL" - }, - "work_around" : [] -} + } + }, + "configuration": [], + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered by Rapid7 researchers Cale Black and Jordan Larose. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access." 
+ } + ] + }, + "exploit": [], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " CWE-78 (Improper Neutralization of Special Elements used in an OS Command)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553", + "refsource": "CONFIRM", + "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553" + }, + { + "name": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Users should update affected devices to the latest firmware version (1.3384.00059.001 or higher) available from Crestron's product pages." + } + ], + "source": { + "advisory": "R7-2018-15", + "defect": [], + "discovery": "EXTERNAL" + }, + "work_around": [] +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5807.json b/2018/5xxx/CVE-2018-5807.json index b72e093ecd3..3167394cf83 100644 --- a/2018/5xxx/CVE-2018-5807.json +++ b/2018/5xxx/CVE-2018-5807.json 
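Review bot: The `problemtype` value in the CVE-2018-5553 record is carried over with a leading space, `" CWE-78 (Improper Neutralization of Special Elements used in an OS Command)"`, so a consumer that matches the CWE identifier at the start of the string will miss this entry. Since the sync rewrites every line of the file anyway, it could trim the value to `"value": "CWE-78 (Improper Neutralization of Special Elements used in an OS Command)"`. The CONFIRM reference also keeps `%C2%AD` (a percent-encoded soft hyphen) inside the fragment `#CVE%C2%AD-2018%C2%AD-5553` in both `name` and `url`, which looks like copy-paste residue and should be checked against the vendor page. Both values are identical on the old side, so this is pre-existing data that the re-serialization propagates rather than something it introduces.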
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2018-5807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibRaw", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 0.18.9" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error within the \"samsung_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS (Denial of Service) through out-of-bounds read memory access" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2018-5807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibRaw", + "version": { + "version_data": [ + { + "version_value": "Prior to 0.18.9" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" - }, - { - "name" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/" - }, - { - "name" : 
"USN-3838-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3838-1/" - }, - { - "name" : "81800", - "refsource" : "SECUNIA", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/81800/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error within the \"samsung_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS (Denial of Service) through out-of-bounds read memory access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/" + }, + { + "name": "81800", + "refsource": "SECUNIA", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/81800/" + }, + { + "name": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" + }, + { + "name": "USN-3838-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3838-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5993.json b/2018/5xxx/CVE-2018-5993.json index a6ff46a7886..6fb9b1314b2 100644 --- a/2018/5xxx/CVE-2018-5993.json +++ b/2018/5xxx/CVE-2018-5993.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44106", - "refsource" : "EXPLOIT-DB", - "url" : "https://exploit-db.com/exploits/44106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44106", + "refsource": "EXPLOIT-DB", + "url": "https://exploit-db.com/exploits/44106" + } + ] + } +} \ No newline at end of file