diff --git a/2001/0xxx/CVE-2001-0594.json b/2001/0xxx/CVE-2001-0594.json index f9bb6de682a..f61f2b476df 100644 --- a/2001/0xxx/CVE-2001-0594.json +++ b/2001/0xxx/CVE-2001-0594.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010409 Solaris kcms_configure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html" - }, - { - "name" : "2558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2558" - }, - { - "name" : "solaris-kcms-command-bo(6359)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6359" - }, - { - "name" : "oval:org.mitre.oval:def:65", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A65" - }, - { - "name" : "oval:org.mitre.oval:def:7", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-kcms-command-bo(6359)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6359" + }, + { + "name": "oval:org.mitre.oval:def:7", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7" + }, + { + "name": "20010409 Solaris kcms_configure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html" + }, + { + "name": "2558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2558" + }, + { + "name": "oval:org.mitre.oval:def:65", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A65" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0662.json b/2001/0xxx/CVE-2001-0662.json index d6b9bcceee9..b4d4fc01568 100644 --- a/2001/0xxx/CVE-2001-0662.json +++ b/2001/0xxx/CVE-2001-0662.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-048" - }, - { - "name" : "winnt-rpc-endpoint-dos(7105)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7105" - }, - { - "name" : "L-142", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-142.shtml" - }, - { - "name" : "3313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "L-142", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-142.shtml" + }, + { + "name": "3313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3313" + }, + { + "name": "MS01-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-048" + }, + { + "name": "winnt-rpc-endpoint-dos(7105)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7105" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1162.json b/2001/1xxx/CVE-2001-1162.json index 30e1a0b7adb..29073e41352 100644 --- a/2001/1xxx/CVE-2001-1162.json +++ b/2001/1xxx/CVE-2001-1162.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010623 smbd remote file creation vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/193027" - }, - { - "name" : "http://us1.samba.org/samba/whatsnew/macroexploit.html", - "refsource" : "CONFIRM", - "url" : "http://us1.samba.org/samba/whatsnew/macroexploit.html" - }, - { - "name" : "MDKSA-2001-062", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3" - }, - { - "name" : "HPSBUX0107-157", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/3423" - }, - { - "name" : "20011002-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20011002-01-P" - }, - { - "name" : "L-105", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-105.shtml" - }, - { - "name" : "IMNX-2001-70-027-01", - "refsource" : "IMMUNIX", - "url" : "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01" - }, - { - "name" : "CSSA-2001-024.0", - "refsource" : "CALDERA", - "url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt" - }, - { - "name" : "CLA-2001:405", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405" - }, - { - "name" : "RHSA-2001:086", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-086.html" - }, - { - "name" : "DSA-065", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-065" - }, - { - "name" : "2928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2928" - }, - { - "name" : "samba-netbios-file-creation(6731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2001-062", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3" + }, + { + "name": "HPSBUX0107-157", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/3423" + }, + { + "name": "DSA-065", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-065" + }, + { + "name": "2928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2928" + }, + { + "name": "http://us1.samba.org/samba/whatsnew/macroexploit.html", + "refsource": "CONFIRM", + "url": "http://us1.samba.org/samba/whatsnew/macroexploit.html" + }, + { + "name": "CSSA-2001-024.0", + "refsource": "CALDERA", + "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt" + }, + { + "name": "IMNX-2001-70-027-01", + "refsource": "IMMUNIX", + "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01" + }, + { + "name": "RHSA-2001:086", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-086.html" + }, + { + "name": "samba-netbios-file-creation(6731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6731" + }, + { + "name": "20010623 smbd remote file creation vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/193027" + }, + { + "name": "CLA-2001:405", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405" + }, + { + "name": "L-105", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-105.shtml" + }, + { + "name": "20011002-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20011002-01-P" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1195.json b/2001/1xxx/CVE-2001-1195.json index fecacf0c2e4..b462baa3117 100644 --- a/2001/1xxx/CVE-2001-1195.json +++ b/2001/1xxx/CVE-2001-1195.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011215 Novell Groupwise servlet gateway default username and password", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/245871" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm" - }, - { - "name" : "groupwise-servlet-manager-default(7701)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7701.php" - }, - { - "name" : "3697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011215 Novell Groupwise servlet gateway default username and password", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/245871" + }, + { + "name": "groupwise-servlet-manager-default(7701)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7701.php" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm" + }, + { + "name": "3697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3697" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1478.json b/2001/1xxx/CVE-2001-1478.json index 8b973dbb777..213b83458ac 100644 --- a/2001/1xxx/CVE-2001-1478.json +++ b/2001/1xxx/CVE-2001-1478.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CSSA-2001-SCO.34", - "refsource" : "CALDERA", - "url" : "ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.34/CSSA-2001-SCO.34.txt" - }, - { - "name" : "3555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3555" - }, - { - "name" : "unixware-openunix-xlock-bo(7573)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3555" + }, + { + "name": "unixware-openunix-xlock-bo(7573)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7573" + }, + { + "name": "CSSA-2001-SCO.34", + "refsource": "CALDERA", + "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.34/CSSA-2001-SCO.34.txt" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1490.json b/2001/1xxx/CVE-2001-1490.json index b7a517840ec..1b954326e42 100644 --- a/2001/1xxx/CVE-2001-1490.json +++ b/2001/1xxx/CVE-2001-1490.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011211 Browsers fails on big image count", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/245152" - }, - { - "name" : "3684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3684" - }, - { - "name" : "win-browser-image-dos(7709)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win-browser-image-dos(7709)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709" + }, + { + "name": "20011211 Browsers fails on big image count", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/245152" + }, + { + "name": "3684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3684" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2001.json b/2006/2xxx/CVE-2006-2001.json index c76e9ed135c..cb234eee7ef 100644 --- a/2006/2xxx/CVE-2006-2001.json +++ b/2006/2xxx/CVE-2006-2001.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060424 Scry Gallery XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431853/100/0/threaded" - }, - { - "name" : "20060425 Interesting Scry stuff", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-April/000716.html" - }, - { - "name" : "17668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17668" - }, - { - "name" : "ADV-2006-1490", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1490" - }, - { - "name" : "24891", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24891" - }, - { - "name" : "19777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19777" - }, - { - "name" : "783", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/783" - }, - { - "name" : "scry-gallery-index-xss(26101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17668" + }, + { + "name": "ADV-2006-1490", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1490" + }, + { + "name": "783", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/783" + }, + { + "name": "24891", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24891" + }, + { + "name": "20060424 Scry Gallery XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431853/100/0/threaded" + }, + { + "name": "20060425 Interesting Scry stuff", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-April/000716.html" + }, + { + "name": "scry-gallery-index-xss(26101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26101" + }, + { + "name": "19777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19777" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2448.json b/2006/2xxx/CVE-2006-2448.json index 86fd6ef00b8..31fbafac815 100644 --- a/2006/2xxx/CVE-2006-2448.json +++ b/2006/2xxx/CVE-2006-2448.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060623 rPSA-2006-0110-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438168/100/0/threaded" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.21", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.21" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194215", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194215" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" - }, - { - "name" : "RHSA-2006:0575", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html" - }, - { - "name" : "SUSE-SA:2006:042", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_42_kernel.html" - }, - { - "name" : "SUSE-SA:2006:047", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_47_kernel.html" - }, - { - "name" : "2006-0037", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0037" - }, - { - "name" : "USN-311-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-311-1" - }, - { - "name" : "18616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18616" - }, - { - "name" : "oval:org.mitre.oval:def:10040", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10040" - }, - { - "name" : "ADV-2006-2451", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2451" - }, - { - "name" : "20831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20831" - }, - { - "name" : "20991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20991" - }, - { - "name" : "20703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20703" - }, - { - "name" : "21179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21179" - }, - { - "name" : "21465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21465" - }, - { - "name" : "22417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22417" - }, - { - "name" : "21498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20703" + }, + { + "name": "ADV-2006-2451", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2451" + }, + { + "name": "SUSE-SA:2006:042", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_42_kernel.html" + }, + { + "name": "20060623 rPSA-2006-0110-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438168/100/0/threaded" + }, + { + "name": "SUSE-SA:2006:047", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_47_kernel.html" + }, + { + "name": "oval:org.mitre.oval:def:10040", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10040" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c85d1f9d358b24c5b05c3a2783a78423775a080" + }, + { + "name": "2006-0037", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0037" + }, + { + "name": "RHSA-2006:0575", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194215", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194215" + }, + { + "name": "USN-311-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-311-1" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.21", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.21" + }, + { + "name": "21465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21465" + }, + { + "name": "20831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20831" + }, + { + "name": "21498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21498" + }, + { + "name": "18616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18616" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" + }, + { + "name": "22417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22417" + }, + { + "name": "20991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20991" + }, + { + "name": "21179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21179" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2652.json b/2006/2xxx/CVE-2006-2652.json index 9a9a07be356..25b33488c7f 100644 --- a/2006/2xxx/CVE-2006-2652.json +++ b/2006/2xxx/CVE-2006-2652.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060529 WikiNi Persistent Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435307/100/0/threaded" - }, - { - "name" : "http://zone14.free.fr/advisories/3/", - "refsource" : "MISC", - "url" : "http://zone14.free.fr/advisories/3/" - }, - { - "name" : "18156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18156" - }, - { - "name" : "25802", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25802" - }, - { - "name" : "20366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20366" - }, - { - "name" : "981", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/981" - }, - { - "name" : "wikini-comment-xss(26772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wikini-comment-xss(26772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26772" + }, + { + "name": "20060529 WikiNi Persistent Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435307/100/0/threaded" + }, + { + "name": "http://zone14.free.fr/advisories/3/", + "refsource": "MISC", + "url": "http://zone14.free.fr/advisories/3/" + }, + { + "name": "25802", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25802" + }, + { + "name": "20366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20366" + }, + { + "name": "18156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18156" + }, + { + "name": "981", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/981" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5105.json b/2008/5xxx/CVE-2008-5105.json index 0356d0e53ac..9f462f14887 100644 --- a/2008/5xxx/CVE-2008-5105.json +++ b/2008/5xxx/CVE-2008-5105.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080215 Sami FTP Server 2.0.* Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488198/100/200/threaded" - }, - { - "name" : "27817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27817" - }, - { - "name" : "4603", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080215 Sami FTP Server 2.0.* Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488198/100/200/threaded" + }, + { + "name": "27817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27817" + }, + { + "name": "4603", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4603" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5569.json b/2008/5xxx/CVE-2008-5569.json index ef1be67f984..ae8110f40d1 100644 --- a/2008/5xxx/CVE-2008-5569.json +++ b/2008/5xxx/CVE-2008-5569.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 XSS in PHPepperShop v 1.4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498998/100/0/threaded" - }, - { - "name" : "32690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32690" - }, - { - "name" : "50568", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50568" - }, - { - "name" : "50569", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50569" - }, - { - "name" : "50570", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50570" - }, - { - "name" : "50571", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50571" - }, - { - "name" : "33069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33069" - }, - { - "name" : "4745", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4745" - }, - { - "name" : "phpeppershop-multiple-xss(47157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50571", + "refsource": "OSVDB", + "url": "http://osvdb.org/50571" + }, + { + "name": "phpeppershop-multiple-xss(47157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47157" + }, + { + "name": "33069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33069" + }, + { + "name": "4745", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4745" + }, + { + "name": "50568", + "refsource": "OSVDB", + "url": "http://osvdb.org/50568" + }, + { + "name": "50569", + "refsource": "OSVDB", + "url": "http://osvdb.org/50569" + }, + { + "name": "20081208 XSS in PHPepperShop v 1.4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498998/100/0/threaded" + }, + { + "name": "50570", + "refsource": "OSVDB", + "url": "http://osvdb.org/50570" + }, + { + "name": "32690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32690" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5870.json b/2008/5xxx/CVE-2008-5870.json index 5f6e95a754e..915078848fe 100644 --- a/2008/5xxx/CVE-2008-5870.json +++ b/2008/5xxx/CVE-2008-5870.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081005 FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497061/100/0/threaded" - }, - { - "name" : "6673", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6673" - }, - { - "name" : "4878", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6673", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6673" + }, + { + "name": "4878", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4878" + }, + { + "name": "20081005 FastStone Image Viewer v3.6 (malformed bmp image) DoS Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497061/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2575.json b/2011/2xxx/CVE-2011-2575.json index 9c1d8f18725..ad2d6676690 100644 --- a/2011/2xxx/CVE-2011-2575.json +++ b/2011/2xxx/CVE-2011-2575.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2575", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2575", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2578.json b/2011/2xxx/CVE-2011-2578.json index 7d8ae381c6c..8e3deb1f888 100644 --- a/2011/2xxx/CVE-2011-2578.json +++ b/2011/2xxx/CVE-2011-2578.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-4MCAVS.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-4MCAVS.html" - }, - { - "name" : "1027005", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027005" - }, - { - "name" : "ciscoios-sip-nat-dos(75338)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciscoios-sip-nat-dos(75338)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75338" + }, + { + "name": "1027005", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027005" + }, + { + "name": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-4MCAVS.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-4MCAVS.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2674.json b/2011/2xxx/CVE-2011-2674.json index 8beae526f00..1cf99f286f8 100644 --- a/2011/2xxx/CVE-2011-2674.json +++ b/2011/2xxx/CVE-2011-2674.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-2674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://basercms.net/patch/JVN09789751", - "refsource" : "CONFIRM", - "url" : "http://basercms.net/patch/JVN09789751" - }, - { - "name" : "JVN#16617002", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN16617002/index.html" - }, - { - "name" : "JVNDB-2011-000066", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://basercms.net/patch/JVN09789751", + "refsource": "CONFIRM", + "url": "http://basercms.net/patch/JVN09789751" + }, + { + "name": "JVNDB-2011-000066", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000066" + }, + { + "name": "JVN#16617002", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN16617002/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2946.json b/2011/2xxx/CVE-2011-2946.json index d444c59c169..7789bffb2e9 100644 --- a/2011/2xxx/CVE-2011-2946.json +++ b/2011/2xxx/CVE-2011-2946.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/08162011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/08162011_player/en/" - }, - { - "name" : "1025943", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025943", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025943" + }, + { + "name": "http://service.real.com/realplayer/security/08162011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/08162011_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3005.json b/2011/3xxx/CVE-2011-3005.json index 170187027c3..c6fab35f152 100644 --- a/2011/3xxx/CVE-2011-3005.json +++ b/2011/3xxx/CVE-2011-3005.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-44.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-44.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=675747", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=675747" - }, - { - "name" : "MDVSA-2011:141", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:141" - }, - { - "name" : "MDVSA-2011:142", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:142" - }, - { - "name" : "openSUSE-SU-2011:1076", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-10/msg00002.html" - }, - { - "name" : "oval:org.mitre.oval:def:14352", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14352" - }, - { - "name" : "46315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46315" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-44.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-44.html" + }, + { + "name": "oval:org.mitre.oval:def:14352", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14352" + }, + { + "name": "46315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46315" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "MDVSA-2011:141", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:141" + }, + { + "name": "MDVSA-2011:142", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:142" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=675747", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=675747" + }, + { + "name": "openSUSE-SU-2011:1076", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3193.json b/2011/3xxx/CVE-2011-3193.json index e380bfcda72..88bd51c739a 100644 --- a/2011/3xxx/CVE-2011-3193.json +++ b/2011/3xxx/CVE-2011-3193.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120822 CVE request: libqt4: two memory issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/22/6" - }, - { - "name" : "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/24/8" - }, - { - "name" : "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/25/1" - }, - { - "name" : "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08", - "refsource" : "MISC", - "url" : "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" - }, - { - "name" : "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0", - "refsource" : "MISC", - "url" : "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" - }, - { - "name" : "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" - }, - { - "name" : "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c", - "refsource" : "CONFIRM", - "url" : "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" - }, - { - "name" : "RHSA-2011:1323", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1323.html" - }, - { - "name" : "RHSA-2011:1324", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1324.html" - }, - { - "name" : "RHSA-2011:1325", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1325.html" - }, - { - "name" : "RHSA-2011:1326", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1326.html" - }, - { - "name" : "RHSA-2011:1327", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1327.html" - }, - { - "name" : "RHSA-2011:1328", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1328.html" - }, - { - "name" : "SUSE-SU-2011:1113", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/12056605" - }, - { - "name" : "openSUSE-SU-2011:1119", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" - }, - { - "name" : "openSUSE-SU-2011:1120", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" - }, - { - "name" : "USN-1504-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1504-1" - }, - { - "name" : "49723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49723" - }, - { - "name" : "75652", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/75652" - }, - { - "name" : "41537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41537" - }, - { - "name" : "46117", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46117" - }, - { - "name" : "46118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46118" - }, - { - "name" : "46119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46119" - }, - { - "name" : "46128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46128" - }, - { - "name" : "46371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46371" - }, - { - "name" : "46410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46410" - }, - { - "name" : "49895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49895" - }, - { - "name" : "pango-harfbuzz-bo(69991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46371" + }, + { + "name": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0", + "refsource": "MISC", + "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0" + }, + { + "name": "USN-1504-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1504-1" + }, + { + "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8" + }, + { + "name": "openSUSE-SU-2011:1119", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html" + }, + { + "name": "41537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41537" + }, + { + "name": "46410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46410" + }, + { + "name": "RHSA-2011:1327", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html" + }, + { + "name": "RHSA-2011:1325", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html" + }, + { + "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6" + }, + { + "name": "46128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46128" + }, + { + "name": "RHSA-2011:1324", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html" + }, + { + "name": "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1" + }, + { + "name": "49895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49895" + }, + { + "name": "46117", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46117" + }, + { + "name": "RHSA-2011:1326", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html" + }, + { + "name": "46119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46119" + }, + { + "name": "49723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49723" + }, + { + "name": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08", + "refsource": "MISC", + "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08" + }, + { + "name": "RHSA-2011:1323", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html" + }, + { + "name": "SUSE-SU-2011:1113", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/12056605" + }, + { + "name": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65" + }, + { + "name": "RHSA-2011:1328", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html" + }, + { + "name": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c", + "refsource": "CONFIRM", + "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c" + }, + { + "name": "75652", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/75652" + }, + { + "name": "46118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46118" + }, + { + "name": "pango-harfbuzz-bo(69991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991" + }, + { + "name": "openSUSE-SU-2011:1120", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3216.json b/2011/3xxx/CVE-2011-3216.json index 117d1b054e9..9477fb0b1f0 100644 --- a/2011/3xxx/CVE-2011-3216.json +++ b/2011/3xxx/CVE-2011-3216.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3667.json b/2011/3xxx/CVE-2011-3667.json index dcd65404fc2..5c81c75d916 100644 --- a/2011/3xxx/CVE-2011-3667.json +++ b/2011/3xxx/CVE-2011-3667.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111229 Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html" - }, - { - "name" : "http://www.bugzilla.org/security/3.4.12/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.4.12/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711714", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711714" - }, - { - "name" : "bugzilla-createaccount-security-bypass(72042)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111229 Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html" + }, + { + "name": "http://www.bugzilla.org/security/3.4.12/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.4.12/" + }, + { + "name": "bugzilla-createaccount-security-bypass(72042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72042" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=711714", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=711714" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4624.json b/2011/4xxx/CVE-2011-4624.json index c977f74300c..d9769c30918 100644 --- a/2011/4xxx/CVE-2011-4624.json +++ b/2011/4xxx/CVE-2011-4624.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111130 Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520691/100/0/threaded" - }, - { - "name" : "20111201 Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520704/100/0/threaded" - }, - { - "name" : "20111229 Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-12/0180.html" - }, - { - "name" : "[oss-security] 20141223 Re: CVE-request: WordPress flash-album-gallery plugin facebook.php XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/12/23/2" - }, - { - "name" : "http://plugins.trac.wordpress.org/changeset/469785", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/469785" - }, - { - "name" : "http://wordpress.org/extend/plugins/flash-album-gallery/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/flash-album-gallery/changelog/" - }, - { - "name" : "50861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111229 Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0180.html" + }, + { + "name": "20111130 Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520691/100/0/threaded" + }, + { + "name": "http://wordpress.org/extend/plugins/flash-album-gallery/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/flash-album-gallery/changelog/" + }, + { + "name": "[oss-security] 20141223 Re: CVE-request: WordPress flash-album-gallery plugin facebook.php XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/12/23/2" + }, + { + "name": "50861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50861" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset/469785", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/469785" + }, + { + "name": "20111201 Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520704/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0370.json b/2013/0xxx/CVE-2013-0370.json index b9fb9b1e6c0..7be06ad24b6 100644 --- a/2013/0xxx/CVE-2013-0370.json +++ b/2013/0xxx/CVE-2013-0370.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0510.json b/2013/0xxx/CVE-2013-0510.json index 4c6f8a6af84..0325fa97d64 100644 --- a/2013/0xxx/CVE-2013-0510.json +++ b/2013/0xxx/CVE-2013-0510.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626264", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626264" - }, - { - "name" : "appscan-fwd-info-disclosure(82592)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "appscan-fwd-info-disclosure(82592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82592" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626264", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626264" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0729.json b/2013/0xxx/CVE-2013-0729.json index fa584c94880..27e03ce2ba4 100644 --- a/2013/0xxx/CVE-2013-0729.json +++ b/2013/0xxx/CVE-2013-0729.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-0729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tracker-software.com/company/news_press_events/view/123", - "refsource" : "CONFIRM", - "url" : "http://www.tracker-software.com/company/news_press_events/view/123" - }, - { - "name" : "57491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57491" - }, - { - "name" : "89442", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89442" - }, - { - "name" : "51855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51855" - }, - { - "name" : "pdfxchange-viewer-bo(81427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57491" + }, + { + "name": "51855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51855" + }, + { + "name": "pdfxchange-viewer-bo(81427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81427" + }, + { + "name": "89442", + "refsource": "OSVDB", + "url": "http://osvdb.org/89442" + }, + { + "name": "http://www.tracker-software.com/company/news_press_events/view/123", + "refsource": "CONFIRM", + "url": "http://www.tracker-software.com/company/news_press_events/view/123" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0979.json b/2013/0xxx/CVE-2013-0979.json index 326ac4487a4..5cf14490e51 100644 --- a/2013/0xxx/CVE-2013-0979.json +++ b/2013/0xxx/CVE-2013-0979.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-0979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5704", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5704" - }, - { - "name" : "APPLE-SA-2013-03-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-03-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT5704", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5704" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1518.json b/2013/1xxx/CVE-2013-1518.json index e25a72cf516..828d3b7cd76 100644 --- a/2013/1xxx/CVE-2013-1518.json +++ b/2013/1xxx/CVE-2013-1518.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"missing security restrictions.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", - "refsource" : "MLIST", - "url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" - }, - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxp/rev/38d4d23d167c", - "refsource" : "CONFIRM", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxp/rev/38d4d23d167c" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952646", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952646" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02889", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "SSRT101252", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" - }, - { - "name" : "HPSBUX02922", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "SSRT101305", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "MDVSA-2013:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" - }, - { - "name" : "MDVSA-2013:161", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" - }, - { - "name" : "RHSA-2013:0752", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" - }, - { - "name" : "RHSA-2013:0757", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" - }, - { - "name" : "RHSA-2013:0758", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html" - }, - { - "name" : "SUSE-SU-2013:0814", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" - }, - { - "name" : "openSUSE-SU-2013:0964", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" - }, - { - "name" : "USN-1806-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1806-1" - }, - { - "name" : "TA13-107A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" - }, - { - "name" : "59141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59141" - }, - { - "name" : "oval:org.mitre.oval:def:16702", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16702" - }, - { - "name" : "oval:org.mitre.oval:def:19451", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19451" - }, - { - "name" : "oval:org.mitre.oval:def:19705", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"missing security restrictions.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", + "refsource": "MLIST", + "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" + }, + { + "name": "RHSA-2013:0758", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html" + }, + { + "name": "MDVSA-2013:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" + }, + { + "name": "TA13-107A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" + }, + { + "name": "SSRT101252", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" + }, + { + "name": "oval:org.mitre.oval:def:19451", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19451" + }, + { + "name": "SSRT101305", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "RHSA-2013:0757", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html" + }, + { + "name": "HPSBUX02922", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" + }, + { + "name": "openSUSE-SU-2013:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" + }, + { + "name": "MDVSA-2013:161", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxp/rev/38d4d23d167c", + "refsource": "CONFIRM", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxp/rev/38d4d23d167c" + }, + { + "name": "openSUSE-SU-2013:0964", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" + }, + { + "name": "RHSA-2013:0752", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html" + }, + { + "name": "USN-1806-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1806-1" + }, + { + "name": "oval:org.mitre.oval:def:16702", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16702" + }, + { + "name": "59141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59141" + }, + { + "name": "SUSE-SU-2013:0814", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=952646", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952646" + }, + { + "name": "oval:org.mitre.oval:def:19705", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19705" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" + }, + { + "name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" + }, + { + "name": "HPSBUX02889", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1526.json b/2013/1xxx/CVE-2013-1526.json index 850dbe15cf7..dc859a65c69 100644 --- a/2013/1xxx/CVE-2013-1526.json +++ b/2013/1xxx/CVE-2013-1526.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1651.json b/2013/1xxx/CVE-2013-1651.json index 2bb8b4c9428..06c732409b6 100644 --- a/2013/1xxx/CVE-2013-1651.json +++ b/2013/1xxx/CVE-2013-1651.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130313 Open-Xchange Security Advisory 2013-03-13", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130313 Open-Xchange Security Advisory 2013-03-13", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4347.json b/2013/4xxx/CVE-2013-4347.json index 31e824eda2f..a8fb0f77ceb 100644 --- a/2013/4xxx/CVE-2013-4347.json +++ b/2013/4xxx/CVE-2013-4347.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130912 Re: cve requests for python-oauth2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/09/12/7" - }, - { - "name" : "https://github.com/simplegeo/python-oauth2/issues/9", - "refsource" : "MISC", - "url" : "https://github.com/simplegeo/python-oauth2/issues/9" - }, - { - "name" : "https://github.com/simplegeo/python-oauth2/pull/146", - "refsource" : "MISC", - "url" : "https://github.com/simplegeo/python-oauth2/pull/146" - }, - { - "name" : "62388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62388" + }, + { + "name": "https://github.com/simplegeo/python-oauth2/issues/9", + "refsource": "MISC", + "url": "https://github.com/simplegeo/python-oauth2/issues/9" + }, + { + "name": "[oss-security] 20130912 Re: cve requests for python-oauth2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/09/12/7" + }, + { + "name": "https://github.com/simplegeo/python-oauth2/pull/146", + "refsource": "MISC", + "url": "https://github.com/simplegeo/python-oauth2/pull/146" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4681.json b/2013/4xxx/CVE-2013-4681.json index 54f30ccb981..954a28811e8 100644 --- a/2013/4xxx/CVE-2013-4681.json +++ b/2013/4xxx/CVE-2013-4681.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce" - }, - { - "name" : "53280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53280" - }, - { - "name" : "typo3-sofortue-unspecified-sql-injection(81585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/sofortueberweisung2commerce" + }, + { + "name": "53280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53280" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/" + }, + { + "name": "typo3-sofortue-unspecified-sql-injection(81585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81585" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5041.json b/2013/5xxx/CVE-2013-5041.json index f6b75c86e89..ee79298b745 100644 --- a/2013/5xxx/CVE-2013-5041.json +++ b/2013/5xxx/CVE-2013-5041.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5041", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5041", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5263.json b/2013/5xxx/CVE-2013-5263.json index ecffff30481..6a648a0323a 100644 --- a/2013/5xxx/CVE-2013-5263.json +++ b/2013/5xxx/CVE-2013-5263.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5263", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5263", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5317.json b/2013/5xxx/CVE-2013-5317.json index c5d8c535159..31348392e9a 100644 --- a/2013/5xxx/CVE-2013-5317.json +++ b/2013/5xxx/CVE-2013-5317.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27315", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/27315" - }, - { - "name" : "http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - }, - { - "name" : "61587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61587" - }, - { - "name" : "ritecms-index-xss(86194)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61587" + }, + { + "name": "http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + }, + { + "name": "ritecms-index-xss(86194)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86194" + }, + { + "name": "27315", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/27315" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5501.json b/2013/5xxx/CVE-2013-5501.json index a582d9d82fc..26e3ac1abff 100644 --- a/2013/5xxx/CVE-2013-5501.json +++ b/2013/5xxx/CVE-2013-5501.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130919 Cisco MediaSense oraservice Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5501" - }, - { - "name" : "62574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62574" - }, - { - "name" : "1029064", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130919 Cisco MediaSense oraservice Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5501" + }, + { + "name": "1029064", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029064" + }, + { + "name": "62574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62574" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5810.json b/2013/5xxx/CVE-2013-5810.json index b7155ba2424..f4d99e4e782 100644 --- a/2013/5xxx/CVE-2013-5810.json +++ b/2013/5xxx/CVE-2013-5810.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "HPSBUX02944", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "oval:org.mitre.oval:def:19094", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "oval:org.mitre.oval:def:19094", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19094" + }, + { + "name": "HPSBUX02944", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2183.json b/2014/2xxx/CVE-2014-2183.json index f4cbbc638ae..52fe88c434c 100644 --- a/2014/2xxx/CVE-2014-2183.json +++ b/2014/2xxx/CVE-2014-2183.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33971", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33971" - }, - { - "name" : "20140428 Cisco IOS XE Software Malformed L2TP Packet Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140428 Cisco IOS XE Software Malformed L2TP Packet Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2183" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33971", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33971" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0103.json b/2017/0xxx/CVE-2017-0103.json index 17de92562ce..bdd987c3805 100644 --- a/2017/0xxx/CVE-2017-0103.json +++ b/2017/0xxx/CVE-2017-0103.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Registry", - "version" : { - "version_data" : [ - { - "version_value" : "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka \"Windows Registry Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Registry", + "version": { + "version_data": [ + { + "version_value": "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41645", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41645/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103" - }, - { - "name" : "96623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96623" - }, - { - "name" : "1038013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka \"Windows Registry Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41645", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41645/" + }, + { + "name": "1038013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038013" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103" + }, + { + "name": "96623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96623" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0572.json b/2017/0xxx/CVE-2017-0572.json index 910712214c8..bbaabb4e468 100644 --- a/2017/0xxx/CVE-2017-0572.json +++ b/2017/0xxx/CVE-2017-0572.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97331" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34198931. References: B-RB#112597." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97331" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0978.json b/2017/0xxx/CVE-2017-0978.json index 8f6a60eb96a..22b6e6c3ea6 100644 --- a/2017/0xxx/CVE-2017-0978.json +++ b/2017/0xxx/CVE-2017-0978.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0978", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0978", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000055.json b/2017/1000xxx/CVE-2017-1000055.json index b0137865b56..c4fff68b4d1 100644 --- a/2017/1000xxx/CVE-2017-1000055.json +++ b/2017/1000xxx/CVE-2017-1000055.json @@ -1,21 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.307029", - "ID" : "CVE-2017-1000055", - "REQUESTER" : "wissambashour@gmail.com", - "STATE" : "REJECT", - "STATE_DETAIL" : "No vulnerability info provided, doesn't appear to be a legitimate CVE request" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000055", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000172.json b/2017/1000xxx/CVE-2017-1000172.json index 0d98e91431c..14775ac2132 100644 --- a/2017/1000xxx/CVE-2017-1000172.json +++ b/2017/1000xxx/CVE-2017-1000172.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.389186", - "ID" : "CVE-2017-1000172", - "REQUESTER" : "tyler.price@rsmus.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gravity", - "version" : { - "version_data" : [ - { - "version_value" : "1" - } - ] - } - } - ] - }, - "vendor_name" : "Creolabs" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-After-Free" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.389186", + "ID": "CVE-2017-1000172", + "REQUESTER": "tyler.price@rsmus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/marcobambini/gravity/issues/144", - "refsource" : "MISC", - "url" : "https://github.com/marcobambini/gravity/issues/144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/marcobambini/gravity/issues/144", + "refsource": "MISC", + "url": "https://github.com/marcobambini/gravity/issues/144" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000423.json b/2017/1000xxx/CVE-2017-1000423.json index b44fa72694a..3a8bb53ff9c 100644 --- a/2017/1000xxx/CVE-2017-1000423.json +++ b/2017/1000xxx/CVE-2017-1000423.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000423", - "REQUESTER" : "antirais@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "b2evolution", - "version" : { - "version_data" : [ - { - "version_value" : "6.6.0 - 6.8.10" - } - ] - } - } - ] - }, - "vendor_name" : "b2evolution" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "input validation" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000423", + "REQUESTER": "antirais@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2", - "refsource" : "CONFIRM", - "url" : "https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2" - }, - { - "name" : "https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c", - "refsource" : "CONFIRM", - "url" : "https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2", + "refsource": "CONFIRM", + "url": "https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2" + }, + { + "name": "https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c", + "refsource": "CONFIRM", + "url": "https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12469.json b/2017/12xxx/CVE-2017-12469.json index 5728a34b5d2..62e58fab9d5 100644 --- a/2017/12xxx/CVE-2017-12469.json +++ b/2017/12xxx/CVE-2017-12469.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/135", - "refsource" : "CONFIRM", - "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/135" - }, - { - "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", + "refsource": "CONFIRM", + "url": "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0" + }, + { + "name": "https://github.com/cn-uofbasel/ccn-lite/issues/135", + "refsource": "CONFIRM", + "url": "https://github.com/cn-uofbasel/ccn-lite/issues/135" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12537.json b/2017/12xxx/CVE-2017-12537.json index b7ae0c0ad9c..5f01ece408e 100644 --- a/2017/12xxx/CVE-2017-12537.json +++ b/2017/12xxx/CVE-2017-12537.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12640.json b/2017/12xxx/CVE-2017-12640.json index 3b8e00d2098..30d1bb708d2 100644 --- a/2017/12xxx/CVE-2017-12640.json +++ b/2017/12xxx/CVE-2017-12640.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/542", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/542" - }, - { - "name" : "DSA-4019", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4019" - }, - { - "name" : "DSA-4040", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4040" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "100155", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4040", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4040" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/542", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/542" + }, + { + "name": "100155", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100155" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec" + }, + { + "name": "DSA-4019", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4019" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16349.json b/2017/16xxx/CVE-2017-16349.json index ee138e2a991..cd2fa700f33 100644 --- a/2017/16xxx/CVE-2017-16349.json +++ b/2017/16xxx/CVE-2017-16349.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-16349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SAP", - "version" : { - "version_data" : [ - { - "version_value" : "SAP BPC" - } - ] - } - } - ] - }, - "vendor_name" : "Insteon" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction of XML External Entity Reference" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-16349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SAP", + "version": { + "version_data": [ + { + "version_value": "SAP BPC" + } + ] + } + } + ] + }, + "vendor_name": "Insteon" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/SAP", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/SAP" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of XML External Entity Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/SAP", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/SAP" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16648.json b/2017/16xxx/CVE-2017-16648.json index 30cf446dead..1f790289c35 100644 --- a/2017/16xxx/CVE-2017-16648.json +++ b/2017/16xxx/CVE-2017-16648.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ", - "refsource" : "MISC", - "url" : "https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ" - }, - { - "name" : "https://patchwork.kernel.org/patch/10046189/", - "refsource" : "MISC", - "url" : "https://patchwork.kernel.org/patch/10046189/" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "101758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchwork.kernel.org/patch/10046189/", + "refsource": "MISC", + "url": "https://patchwork.kernel.org/patch/10046189/" + }, + { + "name": "101758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101758" + }, + { + "name": "https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ", + "refsource": "MISC", + "url": "https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16769.json b/2017/16xxx/CVE-2017-16769.json index 67ee42052a6..d7b86ca1794 100644 --- a/2017/16xxx/CVE-2017-16769.json +++ b/2017/16xxx/CVE-2017-16769.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2010-12-07T00:00:00", - "ID" : "CVE-2017-16769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Synology Photo Station", - "version" : { - "version_data" : [ - { - "version_value" : "6.8.1-3458" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Exposure of Private Information (CWE-359)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2010-12-07T00:00:00", + "ID": "CVE-2017-16769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Synology Photo Station", + "version": { + "version_data": [ + { + "version_value": "6.8.1-3458" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_76", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_76" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposure of Private Information (CWE-359)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_76", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_76" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16835.json b/2017/16xxx/CVE-2017-16835.json index f29cc36d2e7..8f78a5b6f60 100644 --- a/2017/16xxx/CVE-2017-16835.json +++ b/2017/16xxx/CVE-2017-16835.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Photo,Video Locker-Calculator\" application 12.0 for Android has android:allowBackup=\"true\" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an \"adb backup '-f smart.calculator.gallerylock'\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ds-security.com/2017/11/16/photovideo-locker-calculator-leak-of-sensitive-files/", - "refsource" : "MISC", - "url" : "https://www.ds-security.com/2017/11/16/photovideo-locker-calculator-leak-of-sensitive-files/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Photo,Video Locker-Calculator\" application 12.0 for Android has android:allowBackup=\"true\" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an \"adb backup '-f smart.calculator.gallerylock'\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ds-security.com/2017/11/16/photovideo-locker-calculator-leak-of-sensitive-files/", + "refsource": "MISC", + "url": "https://www.ds-security.com/2017/11/16/photovideo-locker-calculator-leak-of-sensitive-files/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16861.json b/2017/16xxx/CVE-2017-16861.json index 8444e7282f8..5055742da4b 100644 --- a/2017/16xxx/CVE-2017-16861.json +++ b/2017/16xxx/CVE-2017-16861.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-01-31T00:00:00", - "ID" : "CVE-2017-16861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fisheye and Crucible", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 4.4.5" - }, - { - "version_value" : "4.5.0 prior to 4.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-01-31T00:00:00", + "ID": "CVE-2017-16861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fisheye and Crucible", + "version": { + "version_data": [ + { + "version_value": "prior to 4.4.5" + }, + { + "version_value": "4.5.0 prior to 4.5.2" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://confluence.atlassian.com/x/h-QyO", - "refsource" : "MISC", - "url" : "https://confluence.atlassian.com/x/h-QyO" - }, - { - "name" : "https://confluence.atlassian.com/x/iPQyO", - "refsource" : "MISC", - "url" : "https://confluence.atlassian.com/x/iPQyO" - }, - { - "name" : "https://jira.atlassian.com/browse/CRUC-8156", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/CRUC-8156" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-6991", - "refsource" : "MISC", - "url" : "https://jira.atlassian.com/browse/FE-6991" - }, - { - "name" : "102971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CRUC-8156", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/CRUC-8156" + }, + { + "name": "https://confluence.atlassian.com/x/h-QyO", + "refsource": "MISC", + "url": "https://confluence.atlassian.com/x/h-QyO" + }, + { + "name": "102971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102971" + }, + { + "name": "https://confluence.atlassian.com/x/iPQyO", + "refsource": "MISC", + "url": "https://confluence.atlassian.com/x/iPQyO" + }, + { + "name": "https://jira.atlassian.com/browse/FE-6991", + "refsource": "MISC", + "url": "https://jira.atlassian.com/browse/FE-6991" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4007.json b/2017/4xxx/CVE-2017-4007.json index 4ae18398bd2..8a10b20336b 100644 --- a/2017/4xxx/CVE-2017-4007.json +++ b/2017/4xxx/CVE-2017-4007.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4007", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4007", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4253.json b/2017/4xxx/CVE-2017-4253.json index dfdf300268d..efdb49afcc9 100644 --- a/2017/4xxx/CVE-2017-4253.json +++ b/2017/4xxx/CVE-2017-4253.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4253", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4253", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4541.json b/2017/4xxx/CVE-2017-4541.json index 59f4d020328..de05fd148b1 100644 --- a/2017/4xxx/CVE-2017-4541.json +++ b/2017/4xxx/CVE-2017-4541.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4541", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4541", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4888.json b/2017/4xxx/CVE-2017-4888.json index 4e0b982fecd..8ea71f91e2a 100644 --- a/2017/4xxx/CVE-2017-4888.json +++ b/2017/4xxx/CVE-2017-4888.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4888", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4888", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18014.json b/2018/18xxx/CVE-2018-18014.json index 88a70c85f38..b6908e09f7b 100644 --- a/2018/18xxx/CVE-2018-18014.json +++ b/2018/18xxx/CVE-2018-18014.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is \"already mitigated by the internal firewall that limits access to configuration services to localhost.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/", - "refsource" : "MISC", - "url" : "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is \"already mitigated by the internal firewall that limits access to configuration services to localhost.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/", + "refsource": "MISC", + "url": "https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18799.json b/2018/18xxx/CVE-2018-18799.json index da687db2508..3b1f374e696 100644 --- a/2018/18xxx/CVE-2018-18799.json +++ b/2018/18xxx/CVE-2018-18799.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45726", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45726/" - }, - { - "name" : "http://packetstormsecurity.com/files/150009/School-Attendance-Monitoring-System-1.0-Shell-Upload.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150009/School-Attendance-Monitoring-System-1.0-Shell-Upload.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150009/School-Attendance-Monitoring-System-1.0-Shell-Upload.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150009/School-Attendance-Monitoring-System-1.0-Shell-Upload.html" + }, + { + "name": "45726", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45726/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5009.json b/2018/5xxx/CVE-2018-5009.json index 09d69dcc550..29b1af67240 100644 --- a/2018/5xxx/CVE-2018-5009.json +++ b/2018/5xxx/CVE-2018-5009.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-5009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-5009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104701" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + }, + { + "name": "104701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104701" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5317.json b/2018/5xxx/CVE-2018-5317.json index 1246f6300c5..ab516c6fa4e 100644 --- a/2018/5xxx/CVE-2018-5317.json +++ b/2018/5xxx/CVE-2018-5317.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5512.json b/2018/5xxx/CVE-2018-5512.json index bd4a8f0eebc..f17959c69d5 100644 --- a/2018/5xxx/CVE-2018-5512.json +++ b/2018/5xxx/CVE-2018-5512.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-04-30T00:00:00", - "ID" : "CVE-2018-5512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", - "version" : { - "version_data" : [ - { - "version_value" : "13.1.0-13.1.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-04-30T00:00:00", + "ID": "CVE-2018-5512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", + "version": { + "version_data": [ + { + "version_value": "13.1.0-13.1.0.5" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K51754851", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K51754851" - }, - { - "name" : "104095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104095" - }, - { - "name" : "1040801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104095" + }, + { + "name": "https://support.f5.com/csp/article/K51754851", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K51754851" + }, + { + "name": "1040801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040801" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5583.json b/2018/5xxx/CVE-2018-5583.json index 709a03e50b1..4737176a068 100644 --- a/2018/5xxx/CVE-2018-5583.json +++ b/2018/5xxx/CVE-2018-5583.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5583", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5583", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5652.json b/2018/5xxx/CVE-2018-5652.json index dfafbec8d18..742fe80b02c 100644 --- a/2018/5xxx/CVE-2018-5652.json +++ b/2018/5xxx/CVE-2018-5652.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9008", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/9008", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9008" + }, + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md" + } + ] + } +} \ No newline at end of file