diff --git a/2001/0xxx/CVE-2001-0074.json b/2001/0xxx/CVE-2001-0074.json
index 6f9a86f8f88..cf69a4d449d 100644
--- a/2001/0xxx/CVE-2001-0074.json
+++ b/2001/0xxx/CVE-2001-0074.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0074",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0074",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20001223 Technote",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/153007"
- },
- {
- "name" : "2155",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/2155"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20001223 Technote",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/153007"
+ },
+ {
+ "name": "2155",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/2155"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0094.json b/2001/0xxx/CVE-2001-0094.json
index 1757c4f1112..6673f540ef2 100644
--- a/2001/0xxx/CVE-2001-0094.json
+++ b/2001/0xxx/CVE-2001-0094.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "NetBSD-SA2000-017", - "refsource" : "NETBSD", - "url" : "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc" - }, - { - "name" : "FreeBSD-SA-01:25", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc" - }, - { - "name" : "kerberos4-auth-packet-overflow(5734)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 
authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "NetBSD-SA2000-017", + "refsource": "NETBSD", + "url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc" + }, + { + "name": "FreeBSD-SA-01:25", + "refsource": "FREEBSD", + "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc" + }, + { + "name": "kerberos4-auth-packet-overflow(5734)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5734" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0225.json b/2001/0xxx/CVE-2001-0225.json index e455e372abf..84290dc8f4d 100644 --- a/2001/0xxx/CVE-2001-0225.json +++ b/2001/0xxx/CVE-2001-0225.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0225",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0225",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20010207 Infobot 0.44.5.3/below remotely vulnerable (also in FreeBSD ports tree)",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0127.html"
- },
- {
- "name" : "2349",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/2349"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20010207 Infobot 0.44.5.3/below remotely vulnerable (also in FreeBSD ports tree)",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0127.html"
+ },
+ {
+ "name": "2349",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/2349"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/0xxx/CVE-2001-0339.json b/2001/0xxx/CVE-2001-0339.json
index df011bdd945..714c3afc986 100644
--- a/2001/0xxx/CVE-2001-0339.json
+++ b/2001/0xxx/CVE-2001-0339.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the \"Web page spoofing vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS01-027", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027" - }, - { - "name" : "L-087", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/l-087.shtml" - }, - { - "name" : "ie-html-url-spoofing(6556)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6556" - }, - { - "name" : "2737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2737" - }, - { - "name" : "5694", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5694" - }, - { - "name" : "oval:org.mitre.oval:def:1096", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the \"Web page spoofing vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS01-027", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027" + }, + { + "name": "5694", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5694" + }, + { + "name": "oval:org.mitre.oval:def:1096", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1096" + }, + { + "name": "2737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2737" + }, + { + "name": "L-087", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/l-087.shtml" + }, + { + "name": "ie-html-url-spoofing(6556)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6556" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0580.json b/2001/0xxx/CVE-2001-0580.json index 1e96a292ef4..dfb6690df82 100644 --- a/2001/0xxx/CVE-2001-0580.json +++ b/2001/0xxx/CVE-2001-0580.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-0580",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-0580",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "200105007 Advisory for Vdns ",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0050.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BUGTRAQ",
+ "name": "200105007 Advisory for Vdns",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0050.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2001/1xxx/CVE-2001-1361.json b/2001/1xxx/CVE-2001-1361.json
index 5d163f58381..ba57c887dc4 100644
--- a/2001/1xxx/CVE-2001-1361.json
+++ b/2001/1xxx/CVE-2001-1361.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2001-1361",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2001-1361",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://twig.screwdriver.net/file.php3?file=CHANGELOG",
- "refsource" : "CONFIRM",
- "url" : "http://twig.screwdriver.net/file.php3?file=CHANGELOG"
- },
- {
- "name" : "20010719 [VulnWatch] Changelog maddness (14 various broken apps)",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20010719 [VulnWatch] Changelog maddness (14 various broken apps)",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html"
+ },
+ {
+ "name": "http://twig.screwdriver.net/file.php3?file=CHANGELOG",
+ "refsource": "CONFIRM",
+ "url": "http://twig.screwdriver.net/file.php3?file=CHANGELOG"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2133.json b/2006/2xxx/CVE-2006-2133.json
index 04be907f6db..387867dce83 100644
--- a/2006/2xxx/CVE-2006-2133.json
+++ b/2006/2xxx/CVE-2006-2133.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/barracuda-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/barracuda-vuln.html" - }, - { - "name" : "barracuda-index-sql-injection(26175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly 
involving the link_edit functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/04/barracuda-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/barracuda-vuln.html" + }, + { + "name": "barracuda-index-sql-injection(26175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26175" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2233.json b/2006/2xxx/CVE-2006-2233.json index 73447399ec7..f5cf36425d3 100644 --- a/2006/2xxx/CVE-2006-2233.json +++ b/2006/2xxx/CVE-2006-2233.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060503 BankTown's ActiveX Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432862/100/0/threaded" - }, - { - "name" : "20060503 BankTown's ActiveX Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0037.html" - }, - { - "name" : "20060508 Re: BankTown's ActiveX Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433242/100/0/threaded" - }, - { - "name" : "17815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17815" - 
}, - { - "name" : "ADV-2006-1638", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1638" - }, - { - "name" : "25212", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25212" - }, - { - "name" : "19942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19942" - }, - { - "name" : "855", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/855" - }, - { - "name" : "banktown-setbannerurl-bo(26214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "19942",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19942"
+ },
+ {
+ "name": "855",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/855"
+ },
+ {
+ "name": "17815",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/17815"
+ },
+ {
+ "name": "ADV-2006-1638",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/1638"
+ },
+ {
+ "name": "20060503 BankTown's ActiveX Buffer Overflow Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/432862/100/0/threaded"
+ },
+ {
+ "name": "20060503 BankTown's ActiveX Buffer Overflow Vulnerability",
+ "refsource": "FULLDISC",
+ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0037.html"
+ },
+ {
+ "name": "20060508 Re: BankTown's ActiveX Buffer Overflow Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/433242/100/0/threaded"
+ },
+ {
+ "name": "25212",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/25212"
+ },
+ {
+ "name": "banktown-setbannerurl-bo(26214)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26214"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2686.json b/2006/2xxx/CVE-2006-2686.json
index 145757fb9ed..5eff8e9026d 100644
--- a/2006/2xxx/CVE-2006-2686.json
+++ b/2006/2xxx/CVE-2006-2686.json
@@ -1,362 +1,362 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1829", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1829" - }, - { - "name" : "19133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19133" - }, - { - "name" : "ADV-2006-1997", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1997" - }, - { - "name" : "27256", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27256" - }, - { - "name" : "27257", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27257" - }, - { - "name" : "27260", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27260" - }, - { - "name" : "27261", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27261" - }, - { - "name" : "27262", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27262" - }, - { - "name" : "27263", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27263" - }, - { - "name" : "27275", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27275" - }, - { - "name" : "27282", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27282" - }, - { - "name" : "27285", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27285" - }, - { - "name" : "27297", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27297" - }, - { - "name" : "27298", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27298" - }, - { - "name" : "27300", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27300" - }, - { - "name" : "27301", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27301" - }, - { - "name" : "27302", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27302" - }, - { - "name" : "27303", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27303" - }, - { - "name" : "27305", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27305" - }, - { - "name" : "27310", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27310" - }, - { - "name" : "27253", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27253" - }, - { - "name" : "27254", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27254" - }, - { - "name" : "27258", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27258" - }, - { - "name" : "27259", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27259" - }, - { - "name" : "27266", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27266" - }, - { - "name" : "27267", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27267" - }, - { - "name" : "27268", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27268" - }, - { - "name" : "27269", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27269" - }, - { - "name" : "27272", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27272" - }, - { - "name" : "27273", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27273" - }, - { - "name" : "27274", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27274" - }, - { - "name" : "27276", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27276" - }, - { - "name" : "27277", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27277" - }, - { - "name" : "27278", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27278" - }, - { - "name" : "27279", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27279" - }, - { - "name" : "27280", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27280" - }, - { - "name" : "27281", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/27281" - }, - { - "name" : "27283", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27283" - }, - { - "name" : "27284", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27284" - }, - { - "name" : "27286", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27286" - }, - { - "name" : "27287", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27287" - }, - { - "name" : "27288", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27288" - }, - { - "name" : "27292", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27292" - }, - { - "name" : "27293", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27293" - }, - { - "name" : "27294", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27294" - }, - { - "name" : "27295", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27295" - }, - { - "name" : "27296", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27296" - }, - { - "name" : "27304", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27304" - }, - { - "name" : "27264", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27264" - }, - { - "name" : "27265", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27265" - }, - { - "name" : "27270", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27270" - }, - { - "name" : "27271", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27271" - }, - { - "name" : "27289", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27289" - }, - { - "name" : "27290", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27290" - }, - { - "name" : "27291", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27291" - }, - { - "name" : "27299", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27299" - }, - { - "name" : "27306", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27306" - }, - { - "name" : "27308", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27308" - }, - { - "name" 
: "27309", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27309" - }, - { - "name" : "20299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20299" - }, - { - "name" : "actionapps-globals-file-include(26776)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27308", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27308" + }, + { + "name": "27289", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27289" + }, + { + "name": "27304", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27304" + }, + { + "name": "27269", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27269" + }, + { + "name": "27256", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27256" + }, + { + "name": "1829", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1829" + }, + { + "name": "27275", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27275" + }, + { + "name": "27270", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27270" + }, + { + "name": "27292", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27292" + }, + { + "name": "actionapps-globals-file-include(26776)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26776" + }, + { + "name": "ADV-2006-1997", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1997" + }, + { + "name": "27305", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27305" + }, + { + "name": "27272", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27272" + }, + { + "name": "27278", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27278" + }, + { + "name": "27294", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27294" + }, + { + "name": "27273", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27273" + }, + { + "name": "27287", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27287" + }, + { + "name": "27274", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27274" + }, + { + "name": "27284", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27284" + }, 
+ { + "name": "27253", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27253" + }, + { + "name": "27276", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27276" + }, + { + "name": "27306", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27306" + }, + { + "name": "27263", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27263" + }, + { + "name": "27298", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27298" + }, + { + "name": "27295", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27295" + }, + { + "name": "27271", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27271" + }, + { + "name": "27288", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27288" + }, + { + "name": "27310", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27310" + }, + { + "name": "27264", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27264" + }, + { + "name": "27262", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27262" + }, + { + "name": "27257", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27257" + }, + { + "name": "27259", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27259" + }, + { + "name": "27280", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27280" + }, + { + "name": "20299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20299" + }, + { + "name": "27309", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27309" + }, + { + "name": "27291", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27291" + }, + { + "name": "27267", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27267" + }, + { + "name": "27281", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27281" + }, + { + "name": "27282", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27282" + }, + { + "name": "27301", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27301" + }, + { + "name": "27254", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27254" + }, + { + 
"name": "27268", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27268" + }, + { + "name": "27258", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27258" + }, + { + "name": "27299", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27299" + }, + { + "name": "27300", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27300" + }, + { + "name": "27297", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27297" + }, + { + "name": "27285", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27285" + }, + { + "name": "27286", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27286" + }, + { + "name": "27296", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27296" + }, + { + "name": "27303", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27303" + }, + { + "name": "27279", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27279" + }, + { + "name": "27277", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27277" + }, + { + "name": "19133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19133" + }, + { + "name": "27283", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27283" + }, + { + "name": "27261", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27261" + }, + { + "name": "27302", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27302" + }, + { + "name": "27260", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27260" + }, + { + "name": "27266", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27266" + }, + { + "name": "27290", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27290" + }, + { + "name": "27293", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27293" + }, + { + "name": "27265", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27265" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2846.json b/2006/2xxx/CVE-2006-2846.json index fa84c33c429..632d2aaa7d0 100644 --- a/2006/2xxx/CVE-2006-2846.json 
+++ b/2006/2xxx/CVE-2006-2846.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18217" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5324.json b/2008/5xxx/CVE-2008-5324.json index cf8ab8832b8..cff6b84bcdc 100644 --- a/2008/5xxx/CVE-2008-5324.json +++ b/2008/5xxx/CVE-2008-5324.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PK69316", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PK69316", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5572.json b/2008/5xxx/CVE-2008-5572.json index 3483a0855f5..940521faa66 100644 --- a/2008/5xxx/CVE-2008-5572.json +++ b/2008/5xxx/CVE-2008-5572.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7371", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7371" - }, - { - "name" : "50547", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50547" - }, - { - "name" : "33030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33030" - }, - { - "name" : "4748", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4748" - }, - { - "name" : "pda-downloads-information-disclosure(47148)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50547", + "refsource": "OSVDB", + "url": "http://osvdb.org/50547" + }, + { + "name": "4748", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4748" + }, + { + "name": "7371", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7371" + }, + { + "name": "33030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33030" + }, + { + "name": "pda-downloads-information-disclosure(47148)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47148" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5647.json b/2008/5xxx/CVE-2008-5647.json index 613331e97c6..cb107ecfb3e 100644 --- a/2008/5xxx/CVE-2008-5647.json +++ b/2008/5xxx/CVE-2008-5647.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.edgewall.org/wiki/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://trac.edgewall.org/wiki/ChangeLog" - }, - { - "name" : "32226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32226" - }, - { - "name" : "ADV-2008-3080", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3080" - }, - { - "name" : "32652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32652" - }, - { - "name" : "trac-html-sanitizer-phishing(46491)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "trac-html-sanitizer-phishing(46491)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46491" + }, + { + "name": "32652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32652" + }, + { + "name": "ADV-2008-3080", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3080" + }, + { + "name": "32226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32226" + }, + { + "name": "http://trac.edgewall.org/wiki/ChangeLog", + "refsource": "CONFIRM", + "url": "http://trac.edgewall.org/wiki/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2290.json b/2011/2xxx/CVE-2011-2290.json index 7b443a1093b..7da00ceb207 100644 --- a/2011/2xxx/CVE-2011-2290.json +++ b/2011/2xxx/CVE-2011-2290.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2487.json b/2011/2xxx/CVE-2011-2487.json index cca7a18b050..71acf88e0f1 100644 --- a/2011/2xxx/CVE-2011-2487.json +++ b/2011/2xxx/CVE-2011-2487.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2487", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2487", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2524.json b/2011/2xxx/CVE-2011-2524.json index 54c54f9f61b..b8094b323c6 100644 --- a/2011/2xxx/CVE-2011-2524.json +++ b/2011/2xxx/CVE-2011-2524.json 
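Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert_us@oracle.com` at the top of the CVE-2011-2290 hunk, but every line is also re-indented and re-spaced (`" : "` becomes `": "`), so this one provenance change looks like formatting in the diff. The same happens in the hunks for CVE-2011-2524 and CVE-2011-3590 (`secalert@redhat.com`) and CVE-2011-2797 (`security@google.com`), where the reference entries are reordered as well. Anyone auditing who assigned a record would be better served if the formatting pass and the `ASSIGNER` updates were separate commits, or if the commit message listed the records whose assigner changed. The new side also drops the final newline (`\ No newline at end of file`); ending each file with a newline after the closing `}` keeps later diffs limited to real changes.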
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=653258", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=653258" - }, - { - "name" : "http://git.gnome.org/browse/libsoup/tree/NEWS", - "refsource" : "CONFIRM", - "url" : "http://git.gnome.org/browse/libsoup/tree/NEWS" - }, - { - "name" : "DSA-2369", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2369" - }, - { - "name" : "FEDORA-2011-9763", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html" - }, - { - "name" : "RHSA-2011:1102", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1102.html" - }, - { - "name" : "USN-1181-1", - 
"refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1181-1" - }, - { - "name" : "1025864", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025864" - }, - { - "name" : "47299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47299" + }, + { + "name": "http://git.gnome.org/browse/libsoup/tree/NEWS", + "refsource": "CONFIRM", + "url": "http://git.gnome.org/browse/libsoup/tree/NEWS" + }, + { + "name": "FEDORA-2011-9763", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html" + }, + { + "name": "RHSA-2011:1102", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1102.html" + }, + { + "name": "1025864", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025864" + }, + { + "name": "DSA-2369", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2369" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=653258", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=653258" + }, + { + "name": "USN-1181-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1181-1" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2797.json b/2011/2xxx/CVE-2011-2797.json index 70031b42aa8..487c9da57bf 100644 
--- a/2011/2xxx/CVE-2011-2797.json +++ b/2011/2xxx/CVE-2011-2797.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=87729", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=87729" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", 
- "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "74247", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74247" - }, - { - "name" : "oval:org.mitre.oval:def:14437", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14437" - }, - { - "name" : "google-chrome-resource-ce(68959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:14437", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14437" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=87729", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=87729" + }, + { + "name": "74247", + "refsource": "OSVDB", + "url": "http://osvdb.org/74247" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + }, + { + "name": "google-chrome-resource-ce(68959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68959" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3590.json b/2011/3xxx/CVE-2011-3590.json index 664c261c95b..c44dec2ef23 100644 
--- a/2011/3xxx/CVE-2011-3590.json +++ b/2011/3xxx/CVE-2011-3590.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=716439", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=716439" - }, - { - "name" : "RHSA-2011:1532", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1532.html" - }, - { - "name" : "RHSA-2012:0152", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0152.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Red Hat mkdumprd 
script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=716439", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=716439" + }, + { + "name": "RHSA-2011:1532", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1532.html" + }, + { + "name": "RHSA-2012:0152", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0152.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3738.json b/2011/3xxx/CVE-2011-3738.json index a6f30a73aa2..c564ed7ef83 100644 --- a/2011/3xxx/CVE-2011-3738.json +++ b/2011/3xxx/CVE-2011-3738.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3859.json b/2011/3xxx/CVE-2011-3859.json index a9338373c03..66550a0f0fc 100644 --- a/2011/3xxx/CVE-2011-3859.json +++ b/2011/3xxx/CVE-2011-3859.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sitewat.ch/en/Advisories/17", - "refsource" : "MISC", - "url" : "https://sitewat.ch/en/Advisories/17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sitewat.ch/en/Advisories/17", + "refsource": "MISC", + "url": "https://sitewat.ch/en/Advisories/17" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0501.json b/2013/0xxx/CVE-2013-0501.json index 58551a61b67..122e3b7d431 100644 --- a/2013/0xxx/CVE-2013-0501.json +++ b/2013/0xxx/CVE-2013-0501.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21627070", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21627070" - }, - { - "name" : "cdm-edrawsoft-activex(82345)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos 
Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cdm-edrawsoft-activex(82345)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82345" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21627070", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21627070" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0760.json b/2013/0xxx/CVE-2013-0760.json index fad76a4fd10..d7685a39054 100644 --- a/2013/0xxx/CVE-2013-0760.json +++ b/2013/0xxx/CVE-2013-0760.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=780979", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=780979" - }, - { - "name" : "SUSE-SU-2013:0048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" - }, - { - "name" : "SUSE-SU-2013:0049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0131", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0149", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" - }, - { - "name" : "USN-1681-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-1" - }, - { - "name" : "USN-1681-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-2" - }, - { - "name" : "USN-1681-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-4" - }, - { - "name" : "oval:org.mitre.oval:def:17086", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" + }, + { + "name": "openSUSE-SU-2013:0131", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=780979", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=780979" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html" + }, + { + "name": "USN-1681-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-4" + }, + { + "name": "oval:org.mitre.oval:def:17086", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17086" + }, + { + "name": "SUSE-SU-2013:0049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" + }, + { + "name": "USN-1681-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-1" + }, + { + "name": "openSUSE-SU-2013:0149", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" + }, + { + "name": "USN-1681-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-2" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1105.json b/2013/1xxx/CVE-2013-1105.json index 7fb4200e70d..359718a5fe5 100644 --- a/2013/1xxx/CVE-2013-1105.json +++ b/2013/1xxx/CVE-2013-1105.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc" - }, - { - "name" : "57524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57524" - }, - { - "name" : "89532", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89532" - }, - { - "name" : "1028027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028027" - }, - { - "name" : "51965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51965" - }, - { - "name" : 
"cisco-wlc-unauth-access(81490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "89532", + "refsource": "OSVDB", + "url": "http://osvdb.org/89532" + }, + { + "name": "51965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51965" + }, + { + "name": "cisco-wlc-unauth-access(81490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81490" + }, + { + "name": "57524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57524" + }, + { + "name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc" + }, + { + "name": "1028027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028027" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1135.json b/2013/1xxx/CVE-2013-1135.json index ced0a9ec98e..80e0ff6c4f5 100644 --- a/2013/1xxx/CVE-2013-1135.json +++ b/2013/1xxx/CVE-2013-1135.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID CSCuc07155." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130227 Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-hcs" - }, - { - "name" : "20130227 Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Issue", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco 
Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID CSCuc07155." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130227 Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-hcs" + }, + { + "name": "20130227 Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Issue", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1135" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1136.json b/2013/1xxx/CVE-2013-1136.json index 0f445e197b9..900364957ae 100644 --- a/2013/1xxx/CVE-2013-1136.json +++ b/2013/1xxx/CVE-2013-1136.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130510 Cisco ASR Route Processor 2 Dynamic Multipoint Virtual Private Network Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and 
then examining encryption statistics, aka Bug ID CSCuc52193." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130510 Cisco ASR Route Processor 2 Dynamic Multipoint Virtual Private Network Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1136" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1665.json b/2013/1xxx/CVE-2013-1665.json index 429f76ec5f5..8d47ae71840 100644 --- a/2013/1xxx/CVE-2013-1665.json +++ b/2013/1xxx/CVE-2013-1665.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html" - }, - { - "name" : "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/19/2" - }, - { - "name" : "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280", - 
"refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/02/19/4" - }, - { - "name" : "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", - "refsource" : "CONFIRM", - "url" : "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html" - }, - { - "name" : "http://bugs.python.org/issue17239", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue17239" - }, - { - "name" : "https://bugs.launchpad.net/keystone/+bug/1100279", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/keystone/+bug/1100279" - }, - { - "name" : "DSA-2634", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2634" - }, - { - "name" : "RHSA-2013:0658", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0658.html" - }, - { - "name" : "RHSA-2013:0657", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0657.html" - }, - { - "name" : "RHSA-2013:0670", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0670.html" - }, - { - "name" : "USN-1757-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1757-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4" + }, + { + "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html" + }, + { + "name": "RHSA-2013:0658", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html" + }, + { + "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2" + }, + { + "name": "USN-1757-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1757-1" + }, + { + "name": "RHSA-2013:0657", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html" + }, + { + "name": "DSA-2634", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2634" + }, + { + "name": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", + "refsource": "CONFIRM", + "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html" + }, + { + "name": "RHSA-2013:0670", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html" + }, + { + "name": "http://bugs.python.org/issue17239", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue17239" + }, + { + "name": "https://bugs.launchpad.net/keystone/+bug/1100279", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/keystone/+bug/1100279" + } + ] + } +} \ No newline at end of file 
diff --git a/2013/1xxx/CVE-2013-1697.json b/2013/1xxx/CVE-2013-1697.json index eea990445d9..2f5153dafc3 100644 --- a/2013/1xxx/CVE-2013-1697.json +++ b/2013/1xxx/CVE-2013-1697.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-59.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-59.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=858101", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=858101" - }, - { - "name" : "DSA-2716", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2716" - }, - { - "name" : "DSA-2720", - "refsource" : "DEBIAN", - 
"url" : "http://www.debian.org/security/2013/dsa-2720" - }, - { - "name" : "RHSA-2013:0981", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0981.html" - }, - { - "name" : "RHSA-2013:0982", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0982.html" - }, - { - "name" : "SUSE-SU-2013:1152", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:1153", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:1140", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:1141", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:1142", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:1143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" - }, - { - "name" : "USN-1890-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1890-1" - }, - { - "name" : "USN-1891-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1891-1" - }, - { - "name" : "60784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60784" - }, - { - "name" : "oval:org.mitre.oval:def:17243", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 
17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60784" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=858101", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=858101" + }, + { + "name": "USN-1890-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1890-1" + }, + { + "name": "RHSA-2013:0982", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html" + }, + { + "name": "SUSE-SU-2013:1153", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html" + }, + { + "name": "SUSE-SU-2013:1152", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html" + }, + { + "name": "RHSA-2013:0981", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html" + }, + { + "name": "oval:org.mitre.oval:def:17243", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17243" + }, + { + "name": "USN-1891-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1891-1" + }, + { + "name": "openSUSE-SU-2013:1141", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-59.html", + "refsource": "CONFIRM", + "url": 
"http://www.mozilla.org/security/announce/2013/mfsa2013-59.html" + }, + { + "name": "DSA-2716", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2716" + }, + { + "name": "openSUSE-SU-2013:1142", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:1140", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html" + }, + { + "name": "DSA-2720", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2720" + }, + { + "name": "openSUSE-SU-2013:1143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4463.json b/2013/4xxx/CVE-2013-4463.json index cd0d8580e0e..dfb7dd99ce2 100644 --- a/2013/4xxx/CVE-2013-4463.json +++ b/2013/4xxx/CVE-2013-4463.json 
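Review bot: The one substantive change in the CVE-2013-1697.json hunk, `"ASSIGNER": "security@mozilla.org"` replacing `cve@mitre.org`, is buried under a whitespace reformat and a reshuffle of all sixteen `reference_data` entries whose content is otherwise unchanged. ASSIGNER is the record's provenance field, so a change to it should be reviewable on its own; keeping the references in their previous order, or sorting them by a fixed key such as `refsource` then `name`, would reduce this hunk to the formatting change plus that one line. The same mix of an ASSIGNER change with reformatting appears in the hunks for CVE-2013-4463, CVE-2014-2784, CVE-2017-0386, CVE-2017-0524 and CVE-2017-0827, all but CVE-2017-0386 with reordered references as well. The new side also ends without a trailing newline (`\ No newline at end of file`), which is worth restoring.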
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131031 [OSSA 2013-029] Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/31/3" - }, - { - "name" : "https://bugs.launchpad.net/nova/+bug/1206081", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/nova/+bug/1206081" - }, - { - "name" : "RHSA-2014:0112", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0112.html" - }, - { - "name" : "USN-2247-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2247-1" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/nova/+bug/1206081", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/nova/+bug/1206081" + }, + { + "name": "[oss-security] 20131031 [OSSA 2013-029] Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3" + }, + { + "name": "USN-2247-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2247-1" + }, + { + "name": "RHSA-2014:0112", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0112.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4907.json b/2013/4xxx/CVE-2013-4907.json index 17ba3e4dd5d..babb2588609 100644 --- a/2013/4xxx/CVE-2013-4907.json +++ b/2013/4xxx/CVE-2013-4907.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4907", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4907", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5005.json b/2013/5xxx/CVE-2013-5005.json index 96310daaaaf..b32b953e64e 100644 --- a/2013/5xxx/CVE-2013-5005.json +++ b/2013/5xxx/CVE-2013-5005.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodaylab.com/zdl-advisories/2013-5005.html", - "refsource" : "MISC", - "url" : "http://www.zerodaylab.com/zdl-advisories/2013-5005.html" - }, - { - "name" : "65242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, 
(2) m_target_method_name, or (3) m_request_context_params parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodaylab.com/zdl-advisories/2013-5005.html", + "refsource": "MISC", + "url": "http://www.zerodaylab.com/zdl-advisories/2013-5005.html" + }, + { + "name": "65242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65242" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5299.json b/2013/5xxx/CVE-2013-5299.json index e734dcc9fce..c863688c04c 100644 --- a/2013/5xxx/CVE-2013-5299.json +++ b/2013/5xxx/CVE-2013-5299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5399.json b/2013/5xxx/CVE-2013-5399.json index 1bcde5a42ca..5ed8495df16 100644 --- a/2013/5xxx/CVE-2013-5399.json +++ b/2013/5xxx/CVE-2013-5399.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5752.json b/2013/5xxx/CVE-2013-5752.json index 74b21be0697..f242198a895 100644 --- a/2013/5xxx/CVE-2013-5752.json +++ b/2013/5xxx/CVE-2013-5752.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5752", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5752", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2784.json b/2014/2xxx/CVE-2014-2784.json index e337b16203d..e7bee3a84ae 100644 --- a/2014/2xxx/CVE-2014-2784.json +++ b/2014/2xxx/CVE-2014-2784.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4051." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69100" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - }, - { - "name" : "ms-ie-cve20142784-code-exec(94968)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94968" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4051." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "69100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69100" + }, + { + "name": "ms-ie-cve20142784-code-exec(94968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94968" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0386.json b/2017/0xxx/CVE-2017-0386.json index 68350d42359..2d0326c0412 100644 --- a/2017/0xxx/CVE-2017-0386.json +++ b/2017/0xxx/CVE-2017-0386.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95256" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0524.json b/2017/0xxx/CVE-2017-0524.json index d7335d5c965..8ccda3a172d 100644 --- a/2017/0xxx/CVE-2017-0524.json +++ b/2017/0xxx/CVE-2017-0524.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96808" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96808" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0827.json b/2017/0xxx/CVE-2017-0827.json index 44032853195..dd8acdc95d4 100644 --- a/2017/0xxx/CVE-2017-0827.json +++ b/2017/0xxx/CVE-2017-0827.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-0827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-0827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-10-01" - }, - { - "name" : "101120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. 
Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101120" + }, + { + "name": "https://source.android.com/security/bulletin/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-10-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000053.json b/2017/1000xxx/CVE-2017-1000053.json index 1b927d84053..844268bdf7e 100644 --- a/2017/1000xxx/CVE-2017-1000053.json +++ b/2017/1000xxx/CVE-2017-1000053.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.301156", - "ID" : "CVE-2017-1000053", - "REQUESTER" : "griffin.byatt@nccgroup.trust", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Plug", - "version" : { - "version_data" : [ - { - "version_value" : "v1.3.1, v1.3.0, v1.2.2, v1.2.1, v1.2.0, v1.1.6, v1.1.5, v1.1.4, v1.1.3, v1.1.2, v1.1.1, v1.1.0, v1.0.3, v1.0.2, v1.0.1, v1.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Elixir Lang" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure deserialization" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.301156", + "ID": "CVE-2017-1000053", + "REQUESTER": "griffin.byatt@nccgroup.trust", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://elixirforum.com/t/security-releases-for-plug/3913", - "refsource" : "CONFIRM", - "url" : "https://elixirforum.com/t/security-releases-for-plug/3913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to 
arbitrary code execution in the deserialization functions of Plug.Session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://elixirforum.com/t/security-releases-for-plug/3913", + "refsource": "CONFIRM", + "url": "https://elixirforum.com/t/security-releases-for-plug/3913" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12382.json b/2017/12xxx/CVE-2017-12382.json index 8d07816917c..25254c5d6ae 100644 --- a/2017/12xxx/CVE-2017-12382.json +++ b/2017/12xxx/CVE-2017-12382.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12382", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12382", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12445.json b/2017/12xxx/CVE-2017-12445.json index a39cd653eb4..d768ce9b3be 100644 --- a/2017/12xxx/CVE-2017-12445.json +++ b/2017/12xxx/CVE-2017-12445.json 
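Review bot: The new side of CVE-2017-1000053 replaces the structured affected-product data with placeholders: `product_name` goes from `Plug` to `n/a`, `vendor_name` from `Elixir Lang` to `n/a`, the explicit `version_value` list (v1.0.0 through v1.3.1) to `n/a`, and the `problemtype` value from `Insecure deserialization` to `n/a`. The affected versions now survive only in the free-text description, so tooling that matches installed packages against `affects` or classifies records by `problemtype` would presumably stop matching this entry. The same hunk switches `ASSIGNER` to `cve@mitre.org`, which suggests the record was regenerated from another source rather than only reformatted. If the loss is not intended, the old values should be carried over, e.g. `"product_name": "Plug"` and `"value": "Insecure deserialization"`.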
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170808 minidjvu multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Aug/15" - }, - { - "name" : "100423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170808 minidjvu multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Aug/15" + }, + { + "name": "100423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100423" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12646.json b/2017/12xxx/CVE-2017-12646.json index 0b49a634125..b4ff0ecc48e 100644 --- a/2017/12xxx/CVE-2017-12646.json +++ b/2017/12xxx/CVE-2017-12646.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities", - "refsource" : "CONFIRM", - "url" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities" - }, - { - "name" : "https://github.com/brianchandotcom/liferay-portal/pull/49833", - "refsource" : "CONFIRM", - "url" : "https://github.com/brianchandotcom/liferay-portal/pull/49833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/brianchandotcom/liferay-portal/pull/49833", + "refsource": "CONFIRM", + "url": "https://github.com/brianchandotcom/liferay-portal/pull/49833" + }, + { + "name": "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities", + "refsource": "CONFIRM", + "url": "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12714.json b/2017/12xxx/CVE-2017-12714.json index f859c701802..89ccd1ee0de 100644 --- a/2017/12xxx/CVE-2017-12714.json +++ b/2017/12xxx/CVE-2017-12714.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2017-08-29T00:00:00", - "ID" : "CVE-2017-12714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.", - "version" : { - "version_data" : [ - { - "version_value" : "All versions of pacemakers manufactured prior to August 28, 2017" - } - ] - } - } - ] - }, - "vendor_name" : "Abbott Laboratories" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Restriction of power consumption CWE-920" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2017-08-29T00:00:00", + "ID": "CVE-2017-12714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.", + "version": { + "version_data": [ + { + "version_value": "All versions of pacemakers manufactured prior to August 28, 2017" + } + ] + } + } + ] + }, + "vendor_name": "Abbott Laboratories" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01" - }, - { - "name" : "100523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of power consumption CWE-920" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01" + }, + { + "name": "100523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100523" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12844.json b/2017/12xxx/CVE-2017-12844.json index 398aae9a914..5161eb11011 100644 --- a/2017/12xxx/CVE-2017-12844.json +++ b/2017/12xxx/CVE-2017-12844.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://youtu.be/MI4dhEia1d4", - "refsource" : "MISC", - "url" : "https://youtu.be/MI4dhEia1d4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://youtu.be/MI4dhEia1d4", + "refsource": "MISC", + "url": "https://youtu.be/MI4dhEia1d4" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12883.json b/2017/12xxx/CVE-2017-12883.json index 60a8221439c..95c1bba114a 100644 --- a/2017/12xxx/CVE-2017-12883.json +++ b/2017/12xxx/CVE-2017-12883.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\N{U+...}' escape." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1492093", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" - }, - { - "name" : "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1", - "refsource" : "CONFIRM", - "url" : "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" - }, - { - "name" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", - "refsource" : "CONFIRM", - "url" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" - }, - { - "name" : 
"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", - "refsource" : "CONFIRM", - "url" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" - }, - { - "name" : "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch", - "refsource" : "CONFIRM", - "url" : "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" - }, - { - "name" : "https://rt.perl.org/Public/Bug/Display.html?id=131598", - "refsource" : "CONFIRM", - "url" : "https://rt.perl.org/Public/Bug/Display.html?id=131598" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180426-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180426-0001/" - }, - { - "name" : "DSA-3982", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3982" - }, - { - "name" : "100852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\N{U+...}' escape." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch", + "refsource": "CONFIRM", + "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" + }, + { + "name": "DSA-3982", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3982" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" + }, + { + "name": "https://rt.perl.org/Public/Bug/Display.html?id=131598", + "refsource": "CONFIRM", + "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" + }, + { + "name": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1", + "refsource": "CONFIRM", + "url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" + }, + { + "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", + "refsource": "CONFIRM", + "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" + }, + { + "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", + "refsource": "CONFIRM", + "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" + }, + { + "name": "100852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100852" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180426-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16018.json b/2017/16xxx/CVE-2017-16018.json index 6d3a332713f..e60eb9e3954 100644 --- a/2017/16xxx/CVE-2017-16018.json 
+++ b/2017/16xxx/CVE-2017-16018.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "restify node module", - "version" : { - "version_data" : [ - { - "version_value" : ">=2.0.0 <=4.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "restify node module", + "version": { + "version_data": [ + { + "version_value": ">=2.0.0 <=4.0.4" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/restify/node-restify/issues/1018", - "refsource" : "MISC", - "url" : "https://github.com/restify/node-restify/issues/1018" - }, - { - "name" : "https://nodesecurity.io/advisories/314", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Restify is a framework for building REST APIs. 
Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/314", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/314" + }, + { + "name": "https://github.com/restify/node-restify/issues/1018", + "refsource": "MISC", + "url": "https://github.com/restify/node-restify/issues/1018" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16173.json b/2017/16xxx/CVE-2017-16173.json index 792bf997138..31e94ab1eb3 100644 --- a/2017/16xxx/CVE-2017-16173.json +++ b/2017/16xxx/CVE-2017-16173.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "utahcityfinder node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "utahcityfinder node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/utahcityfinder", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/utahcityfinder" - }, - { - "name" : "https://nodesecurity.io/advisories/467", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/467", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/467" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/utahcityfinder", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/utahcityfinder" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16584.json b/2017/16xxx/CVE-2017-16584.json index 67acde767e1..6cb1aaa8f02 100644 --- a/2017/16xxx/CVE-2017-16584.json +++ b/2017/16xxx/CVE-2017-16584.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.2.25013" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.2.25013" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-895", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-895" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-895", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-895" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16725.json b/2017/16xxx/CVE-2017-16725.json index 8b005c8f582..8d5e95b2c54 100644 --- a/2017/16xxx/CVE-2017-16725.json +++ b/2017/16xxx/CVE-2017-16725.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "ID" : "CVE-2017-16725",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Xiongmai Technology IP Cameras and DVRs",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Xiongmai Technology IP Cameras and DVRs"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "stack-based buffer overflow"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "ID": "CVE-2017-16725",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Xiongmai Technology IP Cameras and DVRs",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Xiongmai Technology IP Cameras and DVRs"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01"
- },
- {
- "name" : "102125",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102125"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "stack-based buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "102125",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102125"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/16xxx/CVE-2017-16773.json b/2017/16xxx/CVE-2017-16773.json
index bf78756ae82..431bbbe0ab9 100644
--- a/2017/16xxx/CVE-2017-16773.json
+++ b/2017/16xxx/CVE-2017-16773.json
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2018-07-05T00:00:00", - "ID" : "CVE-2017-16773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Universal Search", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "1.0.5-0135" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authorization (CWE-285)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2018-07-05T00:00:00", + "ID": "CVE-2017-16773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Universal Search", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "1.0.5-0135" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_27", - "refsource" : 
"CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_27" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_18_27", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_18_27" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4217.json b/2017/4xxx/CVE-2017-4217.json index 1c84bfd6970..db7255a7f83 100644 --- a/2017/4xxx/CVE-2017-4217.json +++ b/2017/4xxx/CVE-2017-4217.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4217",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4217",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4339.json b/2017/4xxx/CVE-2017-4339.json
index b36c56c0d5a..aa8cfd6e213 100644
--- a/2017/4xxx/CVE-2017-4339.json
+++ b/2017/4xxx/CVE-2017-4339.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4339",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4339",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4388.json b/2017/4xxx/CVE-2017-4388.json
index 086cf6d4bff..626738f0a81 100644
--- a/2017/4xxx/CVE-2017-4388.json
+++ b/2017/4xxx/CVE-2017-4388.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4388",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4388",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4632.json b/2017/4xxx/CVE-2017-4632.json
index 805d22ed3a5..ea3f8b20f64 100644
--- a/2017/4xxx/CVE-2017-4632.json
+++ b/2017/4xxx/CVE-2017-4632.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4632",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4632",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/18xxx/CVE-2018-18809.json b/2018/18xxx/CVE-2018-18809.json
index f3b39ca7593..59e9455a84b 100644
--- a/2018/18xxx/CVE-2018-18809.json
+++ b/2018/18xxx/CVE-2018-18809.json
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "DATE_PUBLIC" : "2019-03-06T17:00:00.000Z", - "ID" : "CVE-2018-18809", - "STATE" : "PUBLIC", - "TITLE" : "TIBCO JasperReports Library Directory Traversal Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TIBCO JasperReports Library", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.3.4" - }, - { - "affected" : "=", - "version_value" : "6.4.1" - }, - { - "affected" : "=", - "version_value" : "6.4.2" - }, - { - "affected" : "=", - "version_value" : "6.4.21" - }, - { - "affected" : "=", - "version_value" : "7.1.0" - }, - { - "affected" : "=", - "version_value" : "7.2.0" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Library Community Edition", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.7.0" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Library for ActiveMatrix BPM", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.21" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Server", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.3.4" - }, - { - "affected" : "=", - "version_value" : "6.4.0" - }, - { - "affected" : "=", - "version_value" : "6.4.1" - }, - { - "affected" : "=", - "version_value" : "6.4.2" - }, - { - "affected" : "=", - "version_value" : "6.4.3" - }, - { - "affected" : "=", - "version_value" : "7.1.0" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Server Community Edition", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "6.4.3" - }, - { - "affected" : "=", - "version_value" : "7.1.0" - } - ] - } - }, - { - "product_name" : "TIBCO JasperReports Server for ActiveMatrix BPM", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : 
"6.4.3" - } - ] - } - }, - { - "product_name" : "TIBCO Jaspersoft for AWS with Multi-Tenancy", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "7.1.0" - } - ] - } - }, - { - "product_name" : "TIBCO Jaspersoft Reporting and Analytics for AWS", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_value" : "7.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "TIBCO Software Inc." - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "TIBCO would like to extend its appreciation to Elar Lang of Clarified Security and Sathish Kumar Balakrishnan from Cyber Security Works Pvt Ltd for discovery of this vulnerability.\n" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. 
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.9, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "LOW", - "scope" : "CHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems." 
- } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2019-03-06T17:00:00.000Z", + "ID": "CVE-2018-18809", + "STATE": "PUBLIC", + "TITLE": "TIBCO JasperReports Library Directory Traversal Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO JasperReports Library", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.3.4" + }, + { + "affected": "=", + "version_value": "6.4.1" + }, + { + "affected": "=", + "version_value": "6.4.2" + }, + { + "affected": "=", + "version_value": "6.4.21" + }, + { + "affected": "=", + "version_value": "7.1.0" + }, + { + "affected": "=", + "version_value": "7.2.0" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Library Community Edition", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.7.0" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Library for ActiveMatrix BPM", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.21" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Server", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.3.4" + }, + { + "affected": "=", + "version_value": "6.4.0" + }, + { + "affected": "=", + "version_value": "6.4.1" + }, + { + "affected": "=", + "version_value": "6.4.2" + }, + { + "affected": "=", + "version_value": "6.4.3" + }, + { + "affected": "=", + "version_value": "7.1.0" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Server Community Edition", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.3" + }, + { + "affected": "=", + "version_value": "7.1.0" + } + ] + } + }, + { + "product_name": "TIBCO JasperReports Server for ActiveMatrix BPM", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "6.4.3" + } + ] + } + }, + { + "product_name": "TIBCO Jaspersoft for AWS with 
Multi-Tenancy", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "7.1.0" + } + ] + } + }, + { + "product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "7.1.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/services/support/advisories", - "refsource" : "MISC", - "url" : "http://www.tibco.com/services/support/advisories" - }, - { - "name" : "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809" - }, - { - "name" : "107351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107351" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "TIBCO has released updated versions of the affected components which address these issues. 
For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Library versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Library versions 6.4.1, 6.4.2, and 6.4.21 update to version 6.4.22 or higher\nTIBCO JasperReports Library version 7.1.0 update to version 7.1.1 or higher\nTIBCO JasperReports Library version 7.2.0 update to version 7.2.1 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.7.0 and below update to version 6.7.1 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.21 and below update to version 6.4.22 or higher\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher\n" - } - ], - "source" : { - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "TIBCO would like to extend its appreciation to Elar Lang of Clarified Security and Sathish Kumar Balakrishnan from Cyber Security Works Pvt Ltd for discovery of this vulnerability.\n" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO 
JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories" + }, + { + "name": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809" + }, + { + "name": "107351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107351" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Library versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Library versions 6.4.1, 6.4.2, and 6.4.21 update to version 6.4.22 or higher\nTIBCO JasperReports Library version 7.1.0 update to version 7.1.1 or higher\nTIBCO JasperReports Library version 7.2.0 update to version 7.2.1 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.7.0 and below update to version 6.7.1 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.21 and below update to version 6.4.22 or higher\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or 
higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher\n" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18900.json b/2018/18xxx/CVE-2018-18900.json index 159e194f99e..69a0ca491bd 100644 --- a/2018/18xxx/CVE-2018-18900.json +++ b/2018/18xxx/CVE-2018-18900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5287.json b/2018/5xxx/CVE-2018-5287.json index 80126d6dd2a..b8818f1eac2 100644 --- a/2018/5xxx/CVE-2018-5287.json +++ b/2018/5xxx/CVE-2018-5287.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md", - "refsource" : "MISC", - "url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md" - }, - { - "name" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/", - "refsource" : "MISC", - "url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8995", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GD Rating System 
plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8995", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8995" + }, + { + "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md", + "refsource": "MISC", + "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md" + }, + { + "name": "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/", + "refsource": "MISC", + "url": "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5567.json b/2018/5xxx/CVE-2018-5567.json index 1dfb3c89f22..27e1c9d3f2e 100644 --- a/2018/5xxx/CVE-2018-5567.json +++ b/2018/5xxx/CVE-2018-5567.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5567",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5567",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5877.json b/2018/5xxx/CVE-2018-5877.json
index 3f1cf3b7f8b..c25f96da24c 100644
--- a/2018/5xxx/CVE-2018-5877.json
+++ b/2018/5xxx/CVE-2018-5877.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@qualcomm.com",
- "ID" : "CVE-2018-5877",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
- "version" : {
- "version_data" : [
- {
- "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Qualcomm, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Incorrect Calculation of Buffer Size in Boot"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2018-5877",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.qualcomm.com/company/product-security/bulletins",
- "refsource" : "CONFIRM",
- "url" : "https://www.qualcomm.com/company/product-security/bulletins"
- },
- {
- "name" : "105838",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105838"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Calculation of Buffer Size in Boot"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins"
+ },
+ {
+ "name": "105838",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105838"
+ }
+ ]
+ }
+}
\ No newline at end of file