diff --git a/2001/0xxx/CVE-2001-0023.json b/2001/0xxx/CVE-2001-0023.json
index 4d6d05e3b08..c9b924215bd 100644
--- a/2001/0xxx/CVE-2001-0023.json
+++ b/2001/0xxx/CVE-2001-0023.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001211 Insecure input validation in everythingform.cgi (remote command execution)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0137.html" - }, - { - "name" : "2101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2101" - }, - { - "name" : "http-cgi-everythingform(5736)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20001211 Insecure input validation in everythingform.cgi (remote command execution)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0137.html" + }, + { + "name": "2101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2101" + }, + { + "name": "http-cgi-everythingform(5736)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5736" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0610.json b/2001/0xxx/CVE-2001-0610.json index 1a6b152ac10..bf4530155bc 100644 --- a/2001/0xxx/CVE-2001-0610.json +++ b/2001/0xxx/CVE-2001-0610.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010418 Insecure directory handling in KFM file manager ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0336.html" - }, - { - "name" : "kfm-tmpfile-symlink(6428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kfm-tmpfile-symlink(6428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6428" + }, + { + "refsource": "BUGTRAQ", + "name": "20010418 Insecure directory handling in KFM file manager", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0336.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0631.json b/2001/0xxx/CVE-2001-0631.json index 27d123f0abc..3635cd53008 100644 --- a/2001/0xxx/CVE-2001-0631.json +++ b/2001/0xxx/CVE-2001-0631.json 
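Review bot: The re-added BUGTRAQ entry in `reference_data` is written with `refsource` ahead of `name`, while every other reference object in this file keeps the `name`, `refsource`, `url` order; the same happens to the BUGTRAQ entry in CVE-2001-0767.json. Key order carries no meaning in JSON, but the mixed order suggests this entry came through a different path than the rest, and it adds noise for anyone diffing or canonicalising records. The entry's `name` also loses its trailing space (`"... KFM file manager "` becomes `"... KFM file manager"`), which is a value change inside an otherwise formatting-only rewrite. I would emit the entry in the same key order as its neighbours and mention the trimmed names in the commit message.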
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010221 FirstClass Internetgateway \"stupidity\"", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html" - }, - { - "name" : "20010226 Re: [Fwd: FirstClass Internetgateway \"stupidity\"]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html" - }, - { - "name" : "centrinity-firstclass-email-spoofing(6192)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6192" - }, - { - "name" : "2423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010226 Re: [Fwd: FirstClass Internetgateway \"stupidity\"]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html" + }, + { + "name": "20010221 FirstClass Internetgateway \"stupidity\"", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html" + }, + { + "name": "2423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2423" + }, + { + "name": "centrinity-firstclass-email-spoofing(6192)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6192" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0694.json b/2001/0xxx/CVE-2001-0694.json index 40e0594f070..52506038076 100644 --- a/2001/0xxx/CVE-2001-0694.json +++ b/2001/0xxx/CVE-2001-0694.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010525 WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0454.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010525 WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0454.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0767.json b/2001/0xxx/CVE-2001-0767.json index 77744e536d0..99c5a7cd9bd 100644 --- a/2001/0xxx/CVE-2001-0767.json +++ b/2001/0xxx/CVE-2001-0767.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html" - }, - { - "name" : "http://www.nitrolic.com/", - "refsource" : "MISC", - "url" : "http://www.nitrolic.com/" - }, - { - "name" : "2789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nitrolic.com/", + "refsource": "MISC", + "url": "http://www.nitrolic.com/" + }, + { + "name": "2789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2789" + }, + { + "refsource": "BUGTRAQ", + "name": "20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1459.json b/2001/1xxx/CVE-2001-1459.json index 5d8a00aade5..ea930e0c0f1 100644 --- a/2001/1xxx/CVE-2001-1459.json +++ b/2001/1xxx/CVE-2001-1459.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010619 pam session", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99324968918628&w=2" - }, - { - "name" : "VU#797027", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/797027" - }, - { - "name" : "2917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2917" - }, - { - "name" : "openssh-rsh-bypass-pam(6757)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) 
session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2917" + }, + { + "name": "VU#797027", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/797027" + }, + { + "name": "20010619 pam session", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99324968918628&w=2" + }, + { + "name": "openssh-rsh-bypass-pam(6757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6757" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1483.json b/2001/1xxx/CVE-2001-1483.json index 2b3329b48a7..4f4703e59fc 100644 --- a/2001/1xxx/CVE-2001-1483.json +++ b/2001/1xxx/CVE-2001-1483.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011115 Re: OpenSSH & S/Key information leakage", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0@atlas.dgp.toronto.edu" - }, - { - "name" : "opie-verify-accounts(7572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7572" - }, - { - "name" : "3549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to 
determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opie-verify-accounts(7572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7572" + }, + { + "name": "20011115 Re: OpenSSH & S/Key information leakage", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0@atlas.dgp.toronto.edu" + }, + { + "name": "3549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3549" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2452.json b/2006/2xxx/CVE-2006-2452.json index 6923f888153..8975b7ad664 100644 --- a/2006/2xxx/CVE-2006-2452.json +++ b/2006/2xxx/CVE-2006-2452.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060608 rPSA-2006-0098-1 gdm", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436428" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=343476", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=343476" - }, - { - "name" : "GLSA-200606-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml" - }, - { - "name" : "MDKSA-2006:100", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100" - }, - { - "name" : "SUSE-SR:2006:013", - "refsource" : "SUSE", - "url" : 
"http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html" - }, - { - "name" : "USN-293-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/293-1/" - }, - { - "name" : "18332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18332" - }, - { - "name" : "ADV-2006-2239", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2239" - }, - { - "name" : "20552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20552" - }, - { - "name" : "20627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20627" - }, - { - "name" : "20532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20532" - }, - { - "name" : "20636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20636" - }, - { - "name" : "20587", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20587" - }, - { - "name" : "gdm-facebrowser-security-bypass(27018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20532" + }, + { + "name": "SUSE-SR:2006:013", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html" + }, + { + "name": "20627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20627" + }, + { + "name": "ADV-2006-2239", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2239" + }, + { + "name": "USN-293-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/293-1/" + }, + { + "name": "20060608 rPSA-2006-0098-1 gdm", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436428" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476", + "refsource": "CONFIRM", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476" + }, + { + "name": "GLSA-200606-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml" + }, + { + "name": "18332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18332" + }, + { + "name": "20636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20636" + }, + { + "name": "gdm-facebrowser-security-bypass(27018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018" + }, + { + "name": "20587", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20587" + }, + { + "name": "20552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20552" + }, + { + "name": "MDKSA-2006:100", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100" + } + ] + } +} \ No newline at end of file 
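Review bot: The `ASSIGNER` field in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` here, and it is the only substantive value change in a hunk that otherwise re-spaces every line. The `reference_data` entries are also reshuffled; they appear to be the same fourteen references in a new order, which makes the provenance change easy to miss in review. Consumers that attribute or route records by assigning CNA will see different output after this commit, so the new line `"ASSIGNER": "secalert@redhat.com",` deserves an explicit mention in the commit message or a separate commit from the formatting pass.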
diff --git a/2006/2xxx/CVE-2006-2746.json b/2006/2xxx/CVE-2006-2746.json
index b2a46a2bc27..50081663c52 100644
--- a/2006/2xxx/CVE-2006-2746.json
+++ b/2006/2xxx/CVE-2006-2746.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple \"p-themes\" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 Advisory: F@cile Interactive Web <= 0.8x Multiple RemoteVulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435283/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?getxpl=35", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?getxpl=35" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=35", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=35" - }, - { - "name" : "18151", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/18151" - }, - { - "name" : "ADV-2006-2036", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2036" - }, - { - "name" : "26104", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26104" - }, - { - "name" : "26105", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26105" - }, - { - "name" : "20358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20358" - }, - { - "name" : "1010", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple \"p-themes\" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060528 Advisory: F@cile Interactive Web <= 0.8x Multiple RemoteVulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435283/100/0/threaded" + }, + { + "name": "http://www.nukedx.com/?viewdoc=35", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=35" + }, + { + "name": "ADV-2006-2036", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2036" + }, + { + "name": "26105", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26105" + }, + { + "name": "http://www.nukedx.com/?getxpl=35", + "refsource": "MISC", + "url": "http://www.nukedx.com/?getxpl=35" + }, + { + "name": "18151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18151" + }, + { + "name": "26104", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26104" + }, + { + "name": "20358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20358" + }, + { + "name": "1010", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1010" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2767.json b/2006/2xxx/CVE-2006-2767.json index 47163609566..95a139a81c2 100644 --- a/2006/2xxx/CVE-2006-2767.json +++ b/2006/2xxx/CVE-2006-2767.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1854", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1854" - }, - { - "name" : "18208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18208" - }, - { - "name" : "ADV-2006-2073", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2073" - }, - { - "name" : "25918", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25918" - }, - { - "name" : "25917", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25917" - }, - { - "name" : "25916", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25916" - }, - { - "name" : "20399", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20399" - }, - { - "name" : "ottoman-defaultpath-file-include(26894)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18208" + }, + { + "name": "20399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20399" + }, + { + "name": "ADV-2006-2073", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2073" + }, + { + "name": "1854", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1854" + }, + { + "name": "25916", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25916" + }, + { + "name": "25917", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25917" + }, + { + "name": "25918", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25918" + }, + { + "name": "ottoman-defaultpath-file-include(26894)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26894" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2867.json b/2006/2xxx/CVE-2006-2867.json index ecacb3e76b3..d555afdd118 100644 --- a/2006/2xxx/CVE-2006-2867.json +++ b/2006/2xxx/CVE-2006-2867.json 
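Review bot: The `reference_data` array on the new side of CVE-2006-2767.json is reordered with no visible sort key (BID, SECUNIA, VUPEN, EXPLOIT-DB, the three OSVDB entries, then XF), so a reader has to count entries by hand to confirm that none was dropped in what is otherwise a whitespace rewrite. All eight references are still present here, but writing the array in a stable order, for example sorted by `refsource` and then `name`, would keep later diffs limited to real additions and removals. The same reshuffle appears in the hunks for CVE-2006-2867, CVE-2008-5194, CVE-2008-5201, CVE-2008-5219, CVE-2008-5273, CVE-2008-5525 and CVE-2011-2861. Each rewritten file also ends with `\ No newline at end of file`; keeping a newline after the closing `}` avoids a spurious change the next time a tool rewrites the record.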
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060603 Critical SQL Injection in CoolForum", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435862/100/0/threaded" - }, - { - "name" : "http://mgsdl.free.fr/advisories/coolforum083ba.txt", - "refsource" : "MISC", - "url" : "http://mgsdl.free.fr/advisories/coolforum083ba.txt" - }, - { - "name" : "18268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18268" - }, - { - "name" : "1016218", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016218" - }, - { - "name" : "1052", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1052" - }, - { - "name" : "coolforum-editpost-sql-injection(26920)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coolforum-editpost-sql-injection(26920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26920" + }, + { + "name": "20060603 Critical SQL Injection in CoolForum", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435862/100/0/threaded" + }, + { + "name": "18268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18268" + }, + { + "name": "http://mgsdl.free.fr/advisories/coolforum083ba.txt", + "refsource": "MISC", + "url": "http://mgsdl.free.fr/advisories/coolforum083ba.txt" + }, + { + "name": "1016218", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016218" + }, + { + "name": "1052", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1052" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5194.json b/2008/5xxx/CVE-2008-5194.json index 4e0e7c7aa56..6432dde4e91 100644 --- a/2008/5xxx/CVE-2008-5194.json +++ b/2008/5xxx/CVE-2008-5194.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5964", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5964" - }, - { - "name" : "30004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30004" - }, - { - "name" : "30842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30842" - }, - { - "name" : "4622", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4622" - }, - { - "name" : "ADV-2008-1976", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1976/references" - }, - { - "name" : "onlinebooking-checkavail-sql-injection(43448)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43448" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30004" + }, + { + "name": "5964", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5964" + }, + { + "name": "30842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30842" + }, + { + "name": "ADV-2008-1976", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1976/references" + }, + { + "name": "4622", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4622" + }, + { + "name": "onlinebooking-checkavail-sql-injection(43448)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43448" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5201.json b/2008/5xxx/CVE-2008-5201.json index 11ddc95cfc0..5c6018d5ae1 100644 --- a/2008/5xxx/CVE-2008-5201.json +++ b/2008/5xxx/CVE-2008-5201.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5957", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5957" - }, - { - "name" : "29992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29992" - }, - { - "name" : "4644", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4644" - }, - { - "name" : "otmanager-conteudo-file-include(43459)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4644", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4644" + }, + { + "name": "29992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29992" + }, + { + "name": "otmanager-conteudo-file-include(43459)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43459" + }, + { + "name": "5957", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5957" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5219.json b/2008/5xxx/CVE-2008-5219.json index e663d5c1720..cf449a223bc 100644 --- a/2008/5xxx/CVE-2008-5219.json +++ b/2008/5xxx/CVE-2008-5219.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7149", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7149" - }, - { - "name" : "49885", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49885" - }, - { - "name" : "32718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32718" - }, - { - "name" : "4634", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password change feature (admin/cp.php) in VideoScript 4.0.1.50 
and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49885", + "refsource": "OSVDB", + "url": "http://osvdb.org/49885" + }, + { + "name": "32718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32718" + }, + { + "name": "7149", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7149" + }, + { + "name": "4634", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4634" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5273.json b/2008/5xxx/CVE-2008-5273.json index 25bc6689ca0..d5f9e4cb585 100644 --- a/2008/5xxx/CVE-2008-5273.json +++ b/2008/5xxx/CVE-2008-5273.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5781", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5781" - }, - { - "name" : "29638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29638" - }, - { - "name" : "30593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30593" - }, - { - "name" : "4658", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4658" - }, - { - "name" : "aspnewsmanagement-viewnews-sql-injection(42964)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5781", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5781" + }, + { + "name": "aspnewsmanagement-viewnews-sql-injection(42964)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42964" + }, + { + "name": "4658", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4658" + }, + { + "name": "29638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29638" + }, + { + "name": "30593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30593" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5525.json b/2008/5xxx/CVE-2008-5525.json index 4275eb5c8f1..c22248006d1 100644 --- a/2008/5xxx/CVE-2008-5525.json +++ b/2008/5xxx/CVE-2008-5525.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" - }, - { - "name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" - }, - { - "name" : "4723", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4723" - }, - { - "name" : 
"multiple-antivirus-mzheader-code-execution(47435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-antivirus-mzheader-code-execution(47435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" + }, + { + "name": "4723", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4723" + }, + { + "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded" + }, + { + "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2207.json b/2011/2xxx/CVE-2011-2207.json index 5bcf909cb94..308290975bd 100644 --- a/2011/2xxx/CVE-2011-2207.json +++ b/2011/2xxx/CVE-2011-2207.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2207", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2207", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2562.json b/2011/2xxx/CVE-2011-2562.json index d25915e89a2..d9e8901a140 100644 --- a/2011/2xxx/CVE-2011-2562.json +++ b/2011/2xxx/CVE-2011-2562.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service 
(service outage) via a SIP INVITE message, aka Bug ID CSCth43256." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2810.json b/2011/2xxx/CVE-2011-2810.json index f1fd41eedf4..b2e06269dfc 100644 --- a/2011/2xxx/CVE-2011-2810.json +++ b/2011/2xxx/CVE-2011-2810.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2810", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0253. Reason: This candidate is a reservation duplicate of CVE-2011-0253. Notes: All CVE users should reference CVE-2011-0253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2810", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0253. Reason: This candidate is a reservation duplicate of CVE-2011-0253. Notes: All CVE users should reference CVE-2011-0253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file 
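Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `psirt@cisco.com` in CVE-2011-2562.json, and it is the only value change in a hunk that otherwise rewrites whitespace, so it is easy to miss in review. Tooling that routes, trusts or de-duplicates records by assigner will presumably see this record under a different owner after the commit, so the attribution change should be stated in the commit message or carried in its own commit. The `affects` block still has `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names the product and the fixed versions, so matching on structured product data still finds nothing. The hunks for CVE-2011-2861.json (`security@google.com`) and CVE-2011-3569.json (`secalert_us@oracle.com`) make the same kind of change.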
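Review bot: The new side of CVE-2011-2810.json puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`, while the other records visible in this diff keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but two layouts in one commit suggest that more than one serializer wrote these files, and any byte-level comparison or hash of the records will then differ by tool rather than by content. Writing all records through one serializer with a fixed key order would remove that difference. The REJECT text and its pointer to CVE-2011-0253 are unchanged by the hunk.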
diff --git a/2011/2xxx/CVE-2011-2861.json b/2011/2xxx/CVE-2011-2861.json index d63464bed42..c67ce80a2c8 100644 --- a/2011/2xxx/CVE-2011-2861.json +++ b/2011/2xxx/CVE-2011-2861.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=93596", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=93596" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" - }, - { - "name" : "75563", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75563" - }, - { - "name" : "oval:org.mitre.oval:def:14677", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14677" - }, - { - "name" : "chrome-string-code-execution(69888)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" + }, + { + "name": "oval:org.mitre.oval:def:14677", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14677" + }, + { + "name": "75563", + "refsource": "OSVDB", + "url": "http://osvdb.org/75563" + }, + { + "name": "chrome-string-code-execution(69888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69888" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=93596", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=93596" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3569.json b/2011/3xxx/CVE-2011-3569.json index 07c469f4f89..4a39553229f 100644 --- a/2011/3xxx/CVE-2011-3569.json +++ b/2011/3xxx/CVE-2011-3569.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-3569",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2011-3569",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/3xxx/CVE-2011-3991.json b/2011/3xxx/CVE-2011-3991.json
index 9b22df15eaf..7b962385f2f 100644
--- a/2011/3xxx/CVE-2011-3991.json
+++ b/2011/3xxx/CVE-2011-3991.json
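Review bot: The rewritten file ends without a trailing newline (`\ No newline at end of file` after the closing `+}`), while the old side ended with one. The same marker follows every other complete hunk in this commit, CVE-2011-2861 above included, so each file should end with a newline after its final `}`. Separately, the only value that changes in this hunk is `"ASSIGNER"` (`cve@mitre.org` to `secalert_us@oracle.com`), and it sits inside a whole-file re-indent, so the provenance change is easy to miss. A whitespace-only commit followed by a data commit would make the assigner change auditable on its own.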
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-3991",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Untrusted search path vulnerability in FFFTP 1.98a and earlier allows local users to execute arbitrary code via unspecified functions."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2011-3991",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://sourceforge.jp/projects/ffftp/wiki/Security",
- "refsource" : "CONFIRM",
- "url" : "http://sourceforge.jp/projects/ffftp/wiki/Security"
- },
- {
- "name" : "JVN#62336482",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN62336482/index.html"
- },
- {
- "name" : "JVNDB-2011-000091",
- "refsource" : "JVNDB",
- "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000091.html"
- },
- {
- "name" : "50412",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/50412"
- },
- {
- "name" : "46649",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/46649"
- },
- {
- "name" : "ffftp-code-execution(71020)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71020"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Untrusted search path vulnerability in FFFTP 1.98a and earlier allows local users to execute arbitrary code via unspecified functions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ffftp-code-execution(71020)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71020"
+ },
+ {
+ "name": "http://sourceforge.jp/projects/ffftp/wiki/Security",
+ "refsource": "CONFIRM",
+ "url": "http://sourceforge.jp/projects/ffftp/wiki/Security"
+ },
+ {
+ "name": "46649",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/46649"
+ },
+ {
+ "name": "JVN#62336482",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN62336482/index.html"
+ },
+ {
+ "name": "JVNDB-2011-000091",
+ "refsource": "JVNDB",
+ "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000091.html"
+ },
+ {
+ "name": "50412",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/50412"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/0xxx/CVE-2013-0211.json b/2013/0xxx/CVE-2013-0211.json
index 067fee55c56..ba7d158ed54 100644
--- a/2013/0xxx/CVE-2013-0211.json
+++ b/2013/0xxx/CVE-2013-0211.json
@@ -1,117 +1,117 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-0211",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2013-0211",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=902998",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=902998"
- },
- {
- "name" : "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4"
- },
- {
- "name" : "FEDORA-2013-4522",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101876.html"
- },
- {
- "name" : "FEDORA-2013-4537",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101872.html"
- },
- {
- "name" : "FEDORA-2013-4576",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101700.html"
- },
- {
- "name" : "FEDORA-2013-4592",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html"
- },
- {
- "name" : "FreeBSD-SA-16:23",
- "refsource" : "FREEBSD",
- "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:23.libarchive.asc"
- },
- {
- "name" : "MDVSA-2013:147",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:147"
- },
- {
- "name" : "openSUSE-SU-2015:0568",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html"
- },
- {
- "name" : "USN-2549-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2549-1"
- },
- {
- "name" : "58926",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/58926"
- },
- {
- "name" : "1035995",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1035995"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4"
+ },
+ {
+ "name": "FreeBSD-SA-16:23",
+ "refsource": "FREEBSD",
+ "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:23.libarchive.asc"
+ },
+ {
+ "name": "MDVSA-2013:147",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:147"
+ },
+ {
+ "name": "openSUSE-SU-2015:0568",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html"
+ },
+ {
+ "name": "FEDORA-2013-4522",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101876.html"
+ },
+ {
+ "name": "58926",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/58926"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=902998",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902998"
+ },
+ {
+ "name": "1035995",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1035995"
+ },
+ {
+ "name": "USN-2549-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2549-1"
+ },
+ {
+ "name": "FEDORA-2013-4592",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html"
+ },
+ {
+ "name": "FEDORA-2013-4537",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101872.html"
+ },
+ {
+ "name": "FEDORA-2013-4576",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101700.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
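Review bot: The `reference_data` array is reordered with no visible sort key. The old side grouped entries by `refsource` (two CONFIRM, then the four FEDORA advisories, then FREEBSD, MANDRIVA, SUSE and so on), while the new side scatters the FEDORA entries between CONFIRM, BID, SECTRACK and UBUNTU ones. The hunk shows twelve entries on each side, so nothing appears to be added or dropped, but the shuffle makes that hard to confirm by eye. A stable order, for example sorted by `refsource` and then `name`, would keep later diffs limited to real changes. The hunks for CVE-2011-2861, CVE-2011-3991, CVE-2013-0406, CVE-2013-1027 and CVE-2013-1728 show the same reordering.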
diff --git a/2013/0xxx/CVE-2013-0406.json b/2013/0xxx/CVE-2013-0406.json
index a1e9418f6f7..904b252158b 100644
--- a/2013/0xxx/CVE-2013-0406.json
+++ b/2013/0xxx/CVE-2013-0406.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-0406",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2013-0406",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
- },
- {
- "name" : "MDVSA-2013:150",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
- },
- {
- "name" : "oval:org.mitre.oval:def:19224",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19224"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:19224",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19224"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
+ },
+ {
+ "name": "MDVSA-2013:150",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/0xxx/CVE-2013-0517.json b/2013/0xxx/CVE-2013-0517.json
index bbbf9a67eb6..d516797d330 100644
--- a/2013/0xxx/CVE-2013-0517.json
+++ b/2013/0xxx/CVE-2013-0517.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-0517",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-0517",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/0xxx/CVE-2013-0873.json b/2013/0xxx/CVE-2013-0873.json
index a24d910c6cc..8f5bbf0e52f 100644
--- a/2013/0xxx/CVE-2013-0873.json
+++ b/2013/0xxx/CVE-2013-0873.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-0873",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to \"freeing invalid addresses.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@google.com",
+ "ID": "CVE-2013-0873",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25",
- "refsource" : "CONFIRM",
- "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25"
- },
- {
- "name" : "http://www.ffmpeg.org/security.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.ffmpeg.org/security.html"
- },
- {
- "name" : "GLSA-201603-06",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201603-06"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to \"freeing invalid addresses.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25",
+ "refsource": "CONFIRM",
+ "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25"
+ },
+ {
+ "name": "http://www.ffmpeg.org/security.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.ffmpeg.org/security.html"
+ },
+ {
+ "name": "GLSA-201603-06",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201603-06"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/1xxx/CVE-2013-1027.json b/2013/1xxx/CVE-2013-1027.json
index 035822d8e65..33922c49e4a 100644
--- a/2013/1xxx/CVE-2013-1027.json
+++ b/2013/1xxx/CVE-2013-1027.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-1027",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2013-1027",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.apple.com/kb/HT5880",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT5880"
- },
- {
- "name" : "APPLE-SA-2013-09-12-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "APPLE-SA-2013-09-12-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT5880",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT5880"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/1xxx/CVE-2013-1056.json b/2013/1xxx/CVE-2013-1056.json
index b697af25179..6476602df76 100644
--- a/2013/1xxx/CVE-2013-1056.json
+++ b/2013/1xxx/CVE-2013-1056.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-1056",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@ubuntu.com",
+ "ID": "CVE-2013-1056",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "USN-1990-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-1990-1"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-1990-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-1990-1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/1xxx/CVE-2013-1161.json b/2013/1xxx/CVE-2013-1161.json
index f45bd787e9d..ae5ff98a930 100644
--- a/2013/1xxx/CVE-2013-1161.json
+++ b/2013/1xxx/CVE-2013-1161.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-1161",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2013-1161",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20130319 Cisco Jabber IM for Android Denial of Service Vulnerability",
- "refsource" : "CISCO",
- "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1161"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20130319 Cisco Jabber IM for Android Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1161"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/1xxx/CVE-2013-1728.json b/2013/1xxx/CVE-2013-1728.json
index deb7b00c8b3..9249bd13722 100644
--- a/2013/1xxx/CVE-2013-1728.json
+++ b/2013/1xxx/CVE-2013-1728.json
@@ -1,122 +1,122 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-1728",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2013-1728",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-85.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-85.html"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=883686",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=883686"
- },
- {
- "name" : "FEDORA-2013-16992",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html"
- },
- {
- "name" : "FEDORA-2013-17047",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html"
- },
- {
- "name" : "FEDORA-2013-17074",
- "refsource" : "FEDORA",
- "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html"
- },
- {
- "name" : "openSUSE-SU-2013:1491",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html"
- },
- {
- "name" : "openSUSE-SU-2013:1493",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html"
- },
- {
- "name" : "openSUSE-SU-2013:1495",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html"
- },
- {
- "name" : "openSUSE-SU-2013:1499",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html"
- },
- {
- "name" : "USN-1951-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-1951-1"
- },
- {
- "name" : "USN-1952-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-1952-1"
- },
- {
- "name" : "62468",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/62468"
- },
- {
- "name" : "oval:org.mitre.oval:def:18902",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18902"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:18902",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18902"
+ },
+ {
+ "name": "openSUSE-SU-2013:1491",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html"
+ },
+ {
+ "name": "62468",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/62468"
+ },
+ {
+ "name": "FEDORA-2013-16992",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html"
+ },
+ {
+ "name": "FEDORA-2013-17074",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html"
+ },
+ {
+ "name": "USN-1952-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-1952-1"
+ },
+ {
+ "name": "USN-1951-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-1951-1"
+ },
+ {
+ "name": "FEDORA-2013-17047",
+ "refsource": "FEDORA",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html"
+ },
+ {
+ "name": "openSUSE-SU-2013:1493",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html"
+ },
+ {
+ "name": "openSUSE-SU-2013:1499",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html"
+ },
+ {
+ "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-85.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-85.html"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=883686",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=883686"
+ },
+ {
+ "name": "openSUSE-SU-2013:1495",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/1xxx/CVE-2013-1827.json b/2013/1xxx/CVE-2013-1827.json
index 3d16c16c0e7..ca6cec73865 100644
--- a/2013/1xxx/CVE-2013-1827.json
+++ b/2013/1xxx/CVE-2013-1827.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/07/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=919164", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=919164" - }, - { - "name" : "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f" - }, - { - "name" : "RHSA-2013:0744", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0744.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=919164", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919164" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f" + }, + { + "name": "RHSA-2013:0744", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html" + }, + { + "name": "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/07/2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1947.json b/2013/1xxx/CVE-2013-1947.json index 53034cf2570..713eb43e671 100644 --- a/2013/1xxx/CVE-2013-1947.json +++ b/2013/1xxx/CVE-2013-1947.json 
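Review bot: The `ASSIGNER` value at the top of this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, but the change is buried in a whole-file rewrite that also re-spaces every key (`"ID" : ` becomes `"ID": `) and reorders `reference_data`. The one field that alters the record's provenance is therefore easy to miss in review. The same pattern appears in the hunks for CVE-2013-1947, CVE-2013-4164 and CVE-2013-4296 (same new value), CVE-2013-4055 (`psirt@us.ibm.com`) and CVE-2013-5837 (`secalert_us@oracle.com`). Separating formatting from data changes, and emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`), would leave only the real change visible in the diff. The rewritten files also end with `\ No newline at end of file`, where the old side appears to have had a trailing newline; keeping it would remove one more source of churn.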
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130410 Remote command injection in Ruby Gem kelredd-pruview 0.3.8", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/10/3" - }, - { - "name" : "[oss-security] 20130412 Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/12/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) 
document.rb, (2) video.rb, or (3) video_image.rb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130412 Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/12/2" + }, + { + "name": "[oss-security] 20130410 Remote command injection in Ruby Gem kelredd-pruview 0.3.8", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/10/3" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4055.json b/2013/4xxx/CVE-2013-4055.json index 76410c7bccb..1f7f2bcbea3 100644 --- a/2013/4xxx/CVE-2013-4055.json +++ b/2013/4xxx/CVE-2013-4055.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652988", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652988" - }, - { - "name" : "domino-webadmin-cve20134055-xss(86544)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML 
via unspecified vectors, a different vulnerability than CVE-2013-4051." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "domino-webadmin-cve20134055-xss(86544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86544" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4164.json b/2013/4xxx/CVE-2013-4164.json index 97dbc9ac0d5..d75a71ebdc0 100644 --- a/2013/4xxx/CVE-2013-4164.json +++ b/2013/4xxx/CVE-2013-4164.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released" - }, - { - "name" : 
"https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released" - }, - { - "name" : "https://support.apple.com/kb/HT6536", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/kb/HT6536" - }, - { - "name" : "https://puppet.com/security/cve/cve-2013-4164", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2013-4164" - }, - { - "name" : "APPLE-SA-2014-04-22-1", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" - }, - { - "name" : "APPLE-SA-2014-10-16-3", - "refsource" : "APPLE", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" - }, - { - "name" : "DSA-2810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2810" - }, - { - "name" : "DSA-2809", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2809" - }, - { - "name" : "RHSA-2013:1763", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1763.html" - }, - { - "name" : "RHSA-2013:1764", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1764.html" - }, - { - "name" : "RHSA-2013:1767", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1767.html" - }, - { - "name" : "RHSA-2014:0011", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0011.html" - }, - { - "name" : "RHSA-2014:0215", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0215.html" - }, - { - "name" : "openSUSE-SU-2013:1834", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html" - }, - { - "name" : "openSUSE-SU-2013:1835", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html" - }, - { - "name" : "SUSE-SU-2013:1897", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html" - }, - { - "name" : "USN-2035-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2035-1" - }, - { - "name" : "63873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63873" - }, - { - "name" : "100113", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100113" - }, - { - "name" : "55787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55787" - }, - { - "name" : "57376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/cve-2013-4164", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2013-4164" + }, + { + "name": "APPLE-SA-2014-10-16-3", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" + }, + { + "name": "openSUSE-SU-2013:1835", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html" + }, + { + "name": "USN-2035-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2035-1" + }, + { + "name": "APPLE-SA-2014-04-22-1", + "refsource": "APPLE", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" + }, + { + "name": "RHSA-2014:0215", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" + }, + { + "name": "SUSE-SU-2013:1897", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html" + }, + { + "name": "RHSA-2013:1763", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1763.html" + }, + { + "name": "RHSA-2013:1764", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1764.html" + }, + { + "name": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released" + }, + { + "name": "63873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63873" + }, + { + "name": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164" + }, + { + "name": "RHSA-2013:1767", + "refsource": "REDHAT", 
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1767.html" + }, + { + "name": "RHSA-2014:0011", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0011.html" + }, + { + "name": "openSUSE-SU-2013:1834", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html" + }, + { + "name": "https://support.apple.com/kb/HT6536", + "refsource": "CONFIRM", + "url": "https://support.apple.com/kb/HT6536" + }, + { + "name": "100113", + "refsource": "OSVDB", + "url": "http://osvdb.org/100113" + }, + { + "name": "DSA-2810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2810" + }, + { + "name": "57376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57376" + }, + { + "name": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released" + }, + { + "name": "DSA-2809", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2809" + }, + { + "name": "55787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55787" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4296.json b/2013/4xxx/CVE-2013-4296.json index 425ea458be4..4de45b5a40c 100644 --- a/2013/4xxx/CVE-2013-4296.json +++ b/2013/4xxx/CVE-2013-4296.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0", - "refsource" : "CONFIRM", - "url" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0" - }, - { - "name" : "http://wiki.libvirt.org/page/Maintenance_Releases", - "refsource" : "CONFIRM", - "url" : "http://wiki.libvirt.org/page/Maintenance_Releases" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1006173", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1006173" - }, - { - "name" : "DSA-2764", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2764" - }, - { - "name" : "GLSA-201412-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-04.xml" - }, - { - "name" : "RHSA-2013:1272", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1272.html" - }, - { - "name" : "RHSA-2013:1460", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1460.html" - }, - { - "name" : "openSUSE-SU-2013:1549", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html" - }, - { - "name" : "openSUSE-SU-2013:1550", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html" - }, - { - "name" : "USN-1954-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1954-1" - }, - { - "name" : "60895", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60895", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60895" + }, + { + "name": "GLSA-201412-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml" + }, + { + "name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0", + "refsource": "CONFIRM", + "url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0" + }, + { + "name": "DSA-2764", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2764" + }, + { + "name": "USN-1954-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1954-1" + }, + { + "name": "http://wiki.libvirt.org/page/Maintenance_Releases", + "refsource": "CONFIRM", + "url": "http://wiki.libvirt.org/page/Maintenance_Releases" + }, + { + "name": "RHSA-2013:1272", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173" + }, + { + "name": "RHSA-2013:1460", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html" + }, + { + "name": "openSUSE-SU-2013:1550", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html" + }, + { + "name": "openSUSE-SU-2013:1549", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4692.json b/2013/4xxx/CVE-2013-4692.json index 726f2cebd22..c0ce679d974 100644 --- a/2013/4xxx/CVE-2013-4692.json +++ b/2013/4xxx/CVE-2013-4692.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4692", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4692", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5109.json b/2013/5xxx/CVE-2013-5109.json index 06efbf98ca6..143eb126fa2 100644 --- a/2013/5xxx/CVE-2013-5109.json +++ b/2013/5xxx/CVE-2013-5109.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5109", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5109", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5837.json b/2013/5xxx/CVE-2013-5837.json index d25779080a4..bde3ad93ae9 100644 --- a/2013/5xxx/CVE-2013-5837.json +++ b/2013/5xxx/CVE-2013-5837.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.0.3, and 5.0.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Cognos." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "63081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 
SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.0.3, and 5.0.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Cognos." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "63081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63081" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000140.json b/2017/1000xxx/CVE-2017-1000140.json index 5297d9cba4b..2e7ce591ef9 100644 --- a/2017/1000xxx/CVE-2017-1000140.json +++ b/2017/1000xxx/CVE-2017-1000140.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.351746", - "ID" : "CVE-2017-1000140", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<1.8.7, <1.9.5, <1.10.3, <15.04.0" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.351746", + "ID": "CVE-2017-1000140", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1404117", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1404117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that 
can have its code executed when user tries to download the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1404117", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1404117" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12241.json b/2017/12xxx/CVE-2017-12241.json index 4dd49c7c19d..9ae07b5d968 100644 --- a/2017/12xxx/CVE-2017-12241.json +++ b/2017/12xxx/CVE-2017-12241.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12598.json b/2017/12xxx/CVE-2017-12598.json index 236771850e2..bfc2c4252ae 100644 --- a/2017/12xxx/CVE-2017-12598.json +++ b/2017/12xxx/CVE-2017-12598.json 
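Review bot: The new side of the CVE-2017-1000140 hunk replaces the structured `affects` data and the problem type with `n/a`: `product_name` and `vendor_name` lose `Mahara`, `version_value` loses `<1.8.7, <1.9.5, <1.10.3, <15.04.0`, and `problemtype` loses `Cross Site Scripting (XSS)`. After this change the affected versions survive only in the free-text description. Tooling that matches on `vendor_data` or reads the weakness class from `problemtype_data` would presumably stop picking this record up. Unless the removal is intentional, keep `"product_name": "Mahara"`, `"version_value": "<1.8.7, <1.9.5, <1.10.3, <15.04.0"` and `"value": "Cross Site Scripting (XSS)"`. `ASSIGNER` also changes from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org` in the same hunk, which deserves a line in the commit message if it is deliberate.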
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html" - }, - { - "name" : "https://github.com/opencv/opencv/issues/9309", - "refsource" : "MISC", - "url" : "https://github.com/opencv/opencv/issues/9309" - }, - { - "name" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md" - }, - { - "name" : "GLSA-201712-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-02" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html" + }, + { + "name": "GLSA-201712-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-02" + }, + { + "name": "https://github.com/xiaoqx/pocs/blob/master/opencv.md", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/blob/master/opencv.md" + }, + { + "name": "https://github.com/opencv/opencv/issues/9309", + "refsource": "MISC", + "url": "https://github.com/opencv/opencv/issues/9309" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12991.json b/2017/12xxx/CVE-2017-12991.json index 5bb7e006ded..f270bb2e91c 100644 --- a/2017/12xxx/CVE-2017-12991.json +++ b/2017/12xxx/CVE-2017-12991.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13264.json b/2017/13xxx/CVE-2017-13264.json index fea157a068e..3c3dae29aaa 100644 --- a/2017/13xxx/CVE-2017-13264.json +++ b/2017/13xxx/CVE-2017-13264.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-13264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-13264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13537.json b/2017/13xxx/CVE-2017-13537.json index 2ff8a140a98..f652111b312 100644 --- a/2017/13xxx/CVE-2017-13537.json +++ b/2017/13xxx/CVE-2017-13537.json 
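Review bot: The `ASSIGNER` value in the CVE-2017-13264 record changes from `security@google.com` to `security@android.com`, the only non-whitespace change in this hunk and easy to miss among the re-indented lines. Tooling that attributes or filters records by assigning CNA may key on this field, so the change should be confirmed as intended and preferably made in a commit separate from the formatting pass. `vendor_name` stays `Google Inc.`, so no other attribution field changes here.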
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13537", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13537", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16029.json b/2017/16xxx/CVE-2017-16029.json index 6ab3bb2ef11..76304a2cf9f 100644 --- a/2017/16xxx/CVE-2017-16029.json +++ b/2017/16xxx/CVE-2017-16029.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "hostr node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=2.3.5" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "hostr node module", + "version": { + "version_data": [ + { + "version_value": "<=2.3.5" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/henrytseng/hostr/issues/8", - "refsource" : "MISC", - "url" : "https://github.com/henrytseng/hostr/issues/8" - }, - { - "name" : "https://nodesecurity.io/advisories/303", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hostr is a simple web server that serves up the 
contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/henrytseng/hostr/issues/8", + "refsource": "MISC", + "url": "https://github.com/henrytseng/hostr/issues/8" + }, + { + "name": "https://nodesecurity.io/advisories/303", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/303" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16355.json b/2017/16xxx/CVE-2017-16355.json index 707c63742fe..dd17466a6fb 100644 --- a/2017/16xxx/CVE-2017-16355.json +++ b/2017/16xxx/CVE-2017-16355.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/", - "refsource" : "CONFIRM", - "url" : "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/" - }, - { - "name" : "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf", - "refsource" : "CONFIRM", - "url" : "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/", + "refsource": "CONFIRM", + "url": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/" + }, + { + "name": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf", + "refsource": "CONFIRM", + "url": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16362.json b/2017/16xxx/CVE-2017-16362.json index fb19c9e5115..694690a79e7 100644 --- a/2017/16xxx/CVE-2017-16362.json +++ b/2017/16xxx/CVE-2017-16362.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-16362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-16362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - }, - { - "name" : "102140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102140" - }, - { - "name" : "1039791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. 
Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039791" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + }, + { + "name": "102140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102140" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16445.json b/2017/16xxx/CVE-2017-16445.json index 41c3e481f44..111f6a038ff 100644 --- a/2017/16xxx/CVE-2017-16445.json +++ b/2017/16xxx/CVE-2017-16445.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16445", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16445", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16827.json b/2017/16xxx/CVE-2017-16827.json index 1d344bbff66..77c6b8e2f6e 100644 --- a/2017/16xxx/CVE-2017-16827.json +++ b/2017/16xxx/CVE-2017-16827.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22306" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" - }, - { - "name" : "GLSA-201811-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-17" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22306", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22306" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4047.json b/2017/4xxx/CVE-2017-4047.json index 51f89256b28..63609517bc5 100644 --- a/2017/4xxx/CVE-2017-4047.json +++ b/2017/4xxx/CVE-2017-4047.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4047", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4047", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4493.json b/2017/4xxx/CVE-2017-4493.json index a48928c94f3..37025651450 100644 --- a/2017/4xxx/CVE-2017-4493.json +++ b/2017/4xxx/CVE-2017-4493.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4493", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4493", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4614.json b/2017/4xxx/CVE-2017-4614.json index 92375b15d87..61e5afccb8c 100644 --- a/2017/4xxx/CVE-2017-4614.json +++ b/2017/4xxx/CVE-2017-4614.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4614", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4614", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18392.json b/2018/18xxx/CVE-2018-18392.json index 5adb9cbcf4b..e65997c6849 100644 --- a/2018/18xxx/CVE-2018-18392.json +++ b/2018/18xxx/CVE-2018-18392.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2018-10-18T00:00:00", - "ID" : "CVE-2018-18392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ThingsPro IIoT Gateway and Device Management Software Solutions", - "version" : { - "version_data" : [ - { - "version_value" : "2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Moxa" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation via Broken Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2018-10-18T00:00:00", + "ID": "CVE-2018-18392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ThingsPro IIoT Gateway and Device Management Software Solutions", + "version": { + "version_data": [ + { + "version_value": "2.1" + } + ] + } + } + ] + }, + "vendor_name": "Moxa" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation via Broken Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18697.json b/2018/18xxx/CVE-2018-18697.json index 5081867af6f..602eb5b3ac0 100644 --- a/2018/18xxx/CVE-2018-18697.json +++ b/2018/18xxx/CVE-2018-18697.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18697",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18697",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18788.json b/2018/18xxx/CVE-2018-18788.json
index 78e833e5d67..accb2dff592 100644
--- a/2018/18xxx/CVE-2018-18788.json
+++ b/2018/18xxx/CVE-2018-18788.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18788",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)"
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-18788",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md",
- "refsource" : "MISC",
- "url" : "https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md",
+ "refsource": "MISC",
+ "url": "https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18895.json b/2018/18xxx/CVE-2018-18895.json
index 01ef46cffa9..320eb48c200 100644
--- a/2018/18xxx/CVE-2018-18895.json
+++ b/2018/18xxx/CVE-2018-18895.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-18895",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3004. Reason: This candidate is a duplicate of CVE-2014-3004. Notes: All CVE users should reference CVE-2014-3004 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-18895",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3004. Reason: This candidate is a duplicate of CVE-2014-3004. Notes: All CVE users should reference CVE-2014-3004 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5179.json b/2018/5xxx/CVE-2018-5179.json
index e1b9fd1c673..27fb98c9d13 100644
--- a/2018/5xxx/CVE-2018-5179.json
+++ b/2018/5xxx/CVE-2018-5179.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5179",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5179",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5432.json b/2018/5xxx/CVE-2018-5432.json
index 2c6da8ca54c..f93bdb72d29 100644
--- a/2018/5xxx/CVE-2018-5432.json
+++ b/2018/5xxx/CVE-2018-5432.json
@@ -1,112 +1,112 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@tibco.com",
- "DATE_PUBLIC" : "2018-06-12T16:00:00.000Z",
- "ID" : "CVE-2018-5432",
- "STATE" : "PUBLIC",
- "TITLE" : "TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "TIBCO Administrator - Enterprise Edition",
- "version" : {
- "version_data" : [
- {
- "affected" : "<=",
- "version_value" : "5.10.0"
- }
- ]
- }
- },
- {
- "product_name" : "TIBCO Administrator - Enterprise Edition for z/Linux",
- "version" : {
- "version_data" : [
- {
- "affected" : "<=",
- "version_value" : "5.9.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "TIBCO Software Inc."
- }
- ]
- }
- },
- "credit" : [
- {
- "lang" : "eng",
- "value" : "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
- }
- ],
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1."
- }
- ]
- },
- "impact" : {
- "cvss" : {
- "attackComplexity" : "LOW",
- "attackVector" : "NETWORK",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8,
- "baseSeverity" : "HIGH",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "privilegesRequired" : "LOW",
- "scope" : "UNCHANGED",
- "userInteraction" : "REQUIRED",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings (\"global variables\")"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@tibco.com",
+ "DATE_PUBLIC": "2018-06-12T16:00:00.000Z",
+ "ID": "CVE-2018-5432",
+ "STATE": "PUBLIC",
+ "TITLE": "TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TIBCO Administrator - Enterprise Edition",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<=",
+ "version_value": "5.10.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "TIBCO Administrator - Enterprise Edition for z/Linux",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<=",
+ "version_value": "5.9.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "TIBCO Software Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432",
- "refsource" : "CONFIRM",
- "url" : "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"
- },
- {
- "name" : "104458",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104458"
- }
- ]
- },
- "solution" : [
- {
- "lang" : "eng",
- "value" : "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\nTIBCO Administrator - Enterprise Edition versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher\n"
- }
- ],
- "source" : {
- "discovery" : "EXTERNAL"
- }
-}
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings (\"global variables\")"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "104458",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104458"
+ },
+ {
+ "name": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432",
+ "refsource": "CONFIRM",
+ "url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\nTIBCO Administrator - Enterprise Edition versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher\n"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5531.json b/2018/5xxx/CVE-2018-5531.json
index 326b533128b..37588d3abee 100644
--- a/2018/5xxx/CVE-2018-5531.json
+++ b/2018/5xxx/CVE-2018-5531.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "f5sirt@f5.com",
- "DATE_PUBLIC" : "2018-07-24T00:00:00",
- "ID" : "CVE-2018-5531",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "13.0.0-13.1.0.7"
- },
- {
- "version_value" : "12.1.0-12.1.3.5"
- },
- {
- "version_value" : "11.6.0-11.6.3.1"
- },
- {
- "version_value" : "11.2.1-11.5.6"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "F5 Networks, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "DoS"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "f5sirt@f5.com",
+ "DATE_PUBLIC": "2018-07-24T00:00:00",
+ "ID": "CVE-2018-5531",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "13.0.0-13.1.0.7"
+ },
+ {
+ "version_value": "12.1.0-12.1.3.5"
+ },
+ {
+ "version_value": "11.6.0-11.6.3.1"
+ },
+ {
+ "version_value": "11.2.1-11.5.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "F5 Networks, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.f5.com/csp/article/K64721111",
- "refsource" : "CONFIRM",
- "url" : "https://support.f5.com/csp/article/K64721111"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.f5.com/csp/article/K64721111",
+ "refsource": "CONFIRM",
+ "url": "https://support.f5.com/csp/article/K64721111"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5764.json b/2018/5xxx/CVE-2018-5764.json
index 681996cdb35..27aff55a4a0 100644
--- a/2018/5xxx/CVE-2018-5764.json
+++ b/2018/5xxx/CVE-2018-5764.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5764",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5764",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180119 [SECURITY] [DLA 1247-1] rsync security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html"
- },
- {
- "name" : "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS",
- "refsource" : "CONFIRM",
- "url" : "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS"
- },
- {
- "name" : "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07",
- "refsource" : "CONFIRM",
- "url" : "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07"
- },
- {
- "name" : "GLSA-201805-04",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201805-04"
- },
- {
- "name" : "USN-3543-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3543-1/"
- },
- {
- "name" : "102803",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102803"
- },
- {
- "name" : "1040276",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040276"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[debian-lts-announce] 20180119 [SECURITY] [DLA 1247-1] rsync security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html"
+ },
+ {
+ "name": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07",
+ "refsource": "CONFIRM",
+ "url": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07"
+ },
+ {
+ "name": "1040276",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040276"
+ },
+ {
+ "name": "USN-3543-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3543-1/"
+ },
+ {
+ "name": "GLSA-201805-04",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201805-04"
+ },
+ {
+ "name": "102803",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102803"
+ },
+ {
+ "name": "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS",
+ "refsource": "CONFIRM",
+ "url": "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5901.json b/2018/5xxx/CVE-2018-5901.json
index 5b601fe3a8a..af720770e53 100644
--- a/2018/5xxx/CVE-2018-5901.json
+++ b/2018/5xxx/CVE-2018-5901.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5901",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5901",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file