diff --git a/2001/0xxx/CVE-2001-0057.json b/2001/0xxx/CVE-2001-0057.json index 4152dd90161..bc6405271d4 100644 --- a/2001/0xxx/CVE-2001-0057.json +++ b/2001/0xxx/CVE-2001-0057.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001204 Multiple Vulnerabilities in CBOS", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/CBOS-multiple.shtml" - }, - { - "name" : "cisco-cbos-icmp-echo(5629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-cbos-icmp-echo(5629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5629" + }, + { + "name": "20001204 Multiple Vulnerabilities in CBOS", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/CBOS-multiple.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0096.json b/2001/0xxx/CVE-2001-0096.json index 48995445ae4..52ea6432691 100644 --- a/2001/0xxx/CVE-2001-0096.json +++ b/2001/0xxx/CVE-2001-0096.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the \"Malformed Web Form Submission\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS00-100", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-100" - }, - { - "name" : "iis-web-form-submit(5823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the \"Malformed Web Form Submission\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS00-100", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-100" + }, + { + "name": "iis-web-form-submit(5823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5823" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0287.json b/2001/0xxx/CVE-2001-0287.json index 3e6e439fb69..af4a2a5d6eb 100644 --- a/2001/0xxx/CVE-2001-0287.json +++ b/2001/0xxx/CVE-2001-0287.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html" - }, - { - "name" : "http://seer.support.veritas.com/docs/234326.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.support.veritas.com/docs/234326.htm" - }, - { - "name" : "6025", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html" + }, + { + "name": "http://seer.support.veritas.com/docs/234326.htm", + "refsource": "CONFIRM", + "url": "http://seer.support.veritas.com/docs/234326.htm" + }, + { + "name": "6025", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6025" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0530.json b/2001/0xxx/CVE-2001-0530.json index 80804a747e9..51060283686 100644 --- a/2001/0xxx/CVE-2001-0530.json +++ b/2001/0xxx/CVE-2001-0530.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010528 Vulnerability discovered in SpearHead NetGap", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html" - }, - { - "name" : "20010607 SpearHead Security NetGAP", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html" - }, - { - "name" : "2798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2798" - }, - { - "name" : "netgap-unicode-bypass-filter(6625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netgap-unicode-bypass-filter(6625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6625" + }, + { + "name": "20010528 Vulnerability discovered in SpearHead NetGap", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html" + }, + { + "name": "20010607 SpearHead Security NetGAP", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html" + }, + { + "name": "2798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2798" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0894.json b/2001/0xxx/CVE-2001-0894.json index 20c6c9f8e18..54585022c80 100644 --- a/2001/0xxx/CVE-2001-0894.json +++ b/2001/0xxx/CVE-2001-0894.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011115 Postfix session log memory exhaustion bugfix", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100584160110303&w=2" - }, - { - "name" : "CLA-2001:439", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000439" - }, - { - "name" : "DSA-093", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-093" - }, - { - "name" : "MDKSA-2001:089", - "refsource" : "MANDRAKE", - "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:089" - }, - { - "name" : "RHSA-2001:156", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-156.html" - }, - { - "name" : "3544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3544" - }, - { - "name" : "postfix-smtp-log-dos(7568)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-093", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-093" + }, + { + "name": "3544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3544" + }, + { + "name": "CLA-2001:439", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000439" + }, + { + "name": "MDKSA-2001:089", + "refsource": "MANDRAKE", + "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:089" + }, + { + "name": "RHSA-2001:156", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-156.html" + }, + { + "name": "postfix-smtp-log-dos(7568)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7568" + }, + { + "name": "20011115 Postfix session log memory exhaustion bugfix", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100584160110303&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1053.json b/2001/1xxx/CVE-2001-1053.json index ac2b863a5d3..acd0bd68c8d 100644 --- a/2001/1xxx/CVE-2001-1053.json +++ b/2001/1xxx/CVE-2001-1053.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010713 AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0249.html" - }, - { - "name" : "http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17", - "refsource" : "CONFIRM", - "url" : "http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17" - }, - { - "name" : "adcycle-insert-sql-command(6837)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6837" - }, - { - "name" : "3032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010713 AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0249.html" + }, + { + "name": "http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17", + "refsource": "CONFIRM", + "url": "http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17" + }, + { + "name": "3032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3032" + }, + { + "name": "adcycle-insert-sql-command(6837)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6837" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1093.json b/2001/1xxx/CVE-2001-1093.json index bf68875bc8c..a86e2db8f21 100644 --- a/2001/1xxx/CVE-2001-1093.json +++ b/2001/1xxx/CVE-2001-1093.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010910 Digital Unix 4.0x msgchk multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/213238" - }, - { - "name" : "du-msgchk-bo(7101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7101" - }, - { - "name" : "3311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "du-msgchk-bo(7101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7101" + }, + { + "name": "3311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3311" + }, + { + "name": "20010910 Digital Unix 4.0x msgchk multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/213238" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1372.json b/2001/1xxx/CVE-2001-1372.json index fd99ec3cfc6..56e78339d80 100644 --- a/2001/1xxx/CVE-2001-1372.json +++ b/2001/1xxx/CVE-2001-1372.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010917 Yet another path disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100074087824021&w=2" - }, - { - "name" : "20010921 Response to \"Path disclosure vulnerability in Oracle 9i and 8i", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100119633925473&w=2" - }, - { - "name" : "http://www.nii.co.in/research.html", - "refsource" : "MISC", - "url" : "http://www.nii.co.in/research.html" - }, - { - "name" : "CA-2002-08", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-08.html" - }, - { - "name" : "VU#278971", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/278971" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf" - }, - { - "name" : "3341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3341" - }, - { - "name" : "oracle-jsp-reveal-path(7135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2002-08", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-08.html" + }, + { + "name": "3341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3341" + }, + { + "name": "20010921 Response to \"Path disclosure vulnerability in Oracle 9i and 8i", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100119633925473&w=2" + }, + { + "name": "VU#278971", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/278971" + }, + { + "name": "20010917 Yet another path disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100074087824021&w=2" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf" + }, + { + "name": "http://www.nii.co.in/research.html", + "refsource": "MISC", + "url": "http://www.nii.co.in/research.html" + }, + { + "name": "oracle-jsp-reveal-path(7135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7135" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1464.json b/2001/1xxx/CVE-2001-1464.json index 574af7fae6c..3a2746526b0 100644 --- a/2001/1xxx/CVE-2001-1464.json +++ b/2001/1xxx/CVE-2001-1464.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#403307", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/403307" - }, - { - "name" : "crystalreports-plaintext-auth-info(7928)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#403307", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/403307" + }, + { + "name": "crystalreports-plaintext-auth-info(7928)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7928" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1049.json b/2008/1xxx/CVE-2008-1049.json index 39602ba0542..084def041ae 100644 --- a/2008/1xxx/CVE-2008-1049.json +++ b/2008/1xxx/CVE-2008-1049.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.psoft.net/misc/hs_ss_technical_update.html", - "refsource" : "CONFIRM", - "url" : "http://www.psoft.net/misc/hs_ss_technical_update.html" - }, - { - "name" : "28002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28002" - }, - { - "name" : "1019506", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019506" - }, - { - "name" : "29084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29084" - }, - { - "name" : "hsphere-sitestudio-unspecified(40846)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.psoft.net/misc/hs_ss_technical_update.html", + "refsource": "CONFIRM", + "url": "http://www.psoft.net/misc/hs_ss_technical_update.html" + }, + { + "name": "28002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28002" + }, + { + "name": "29084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29084" + }, + { + "name": "hsphere-sitestudio-unspecified(40846)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40846" + }, + { + "name": "1019506", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019506" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1131.json b/2008/1xxx/CVE-2008-1131.json index e0ec5b18e77..140151e37a7 100644 --- a/2008/1xxx/CVE-2008-1131.json +++ b/2008/1xxx/CVE-2008-1131.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/227608", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/227608" - }, - { - "name" : "28026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28026" - }, - { - "name" : "29118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/227608", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/227608" + }, + { + "name": "29118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29118" + }, + { + "name": "28026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28026" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1690.json b/2008/1xxx/CVE-2008-1690.json index 4568d8636f3..c0dea208d47 100644 --- a/2008/1xxx/CVE-2008-1690.json +++ b/2008/1xxx/CVE-2008-1690.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.org/poc/slmaildos.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/slmaildos.zip" - }, - { - "name" : "28505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28505" - }, - { - "name" : "ADV-2008-1039", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1039/references" - }, - { - "name" : "29614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29614" - }, - { - "name" : "slmailpro-webcontainer-code-execution(41531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "slmailpro-webcontainer-code-execution(41531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41531" + }, + { + "name": "ADV-2008-1039", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1039/references" + }, + { + "name": "28505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28505" + }, + { + "name": "29614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29614" + }, + { + "name": "http://aluigi.org/poc/slmaildos.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/slmaildos.zip" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5114.json b/2008/5xxx/CVE-2008-5114.json index 767b6d84798..50bef8d85bc 100644 --- a/2008/5xxx/CVE-2008-5114.json +++ b/2008/5xxx/CVE-2008-5114.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "243386", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1" - }, - { - "name" : "32262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32262" - }, - { - "name" : "49765", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49765" - }, - { - "name" : "1021170", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021170" - }, - { - "name" : "ADV-2008-3128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3128" - }, - { - "name" : "32606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32606" - }, - { - "name" : "sun-jsim-unspecified-xss(46552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "243386", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1" + }, + { + "name": "32606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32606" + }, + { + "name": "32262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32262" + }, + { + "name": "ADV-2008-3128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3128" + }, + { + "name": "sun-jsim-unspecified-xss(46552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46552" + }, + { + "name": "49765", + "refsource": "OSVDB", + "url": "http://osvdb.org/49765" + }, + { + "name": "1021170", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021170" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5187.json b/2008/5xxx/CVE-2008-5187.json index 3a70000c096..d617685969c 100644 --- a/2008/5xxx/CVE-2008-5187.json +++ b/2008/5xxx/CVE-2008-5187.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a \"pointer arithmetic error\" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081120 CVE Request: imlib2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/11/20/5" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714#15", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714#15" - }, - { - "name" : "DSA-1672", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1672" - }, - { - "name" : "FEDORA-2008-10287", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00856.html" - }, - { - "name" : "FEDORA-2008-10296", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00858.html" - }, - { - "name" : "GLSA-200812-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-23.xml" - }, - { - "name" : "MDVSA-2009:019", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:019" - }, - { - "name" : "SUSE-SR:2009:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" - }, - { - "name" : "USN-683-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-683-1" - }, - { - "name" : "32371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32371" - }, - { - "name" : "ADV-2008-3212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3212" - }, - { - "name" : "49970", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49970" - }, - { - "name" : "32796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32796" - }, - { - "name" : "32843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32843" - }, - { - "name" : "32949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32949" - }, - { - "name" : "33323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33323" - }, - { - "name" : "32963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32963" - }, - { - "name" : "33568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a \"pointer arithmetic error\" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:019", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:019" + }, + { + "name": "DSA-1672", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1672" + }, + { + "name": "32949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32949" + }, + { + "name": "[oss-security] 20081120 CVE Request: imlib2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/11/20/5" + }, + { + "name": "32963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32963" + }, + { + "name": "33323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33323" + }, + { + "name": "USN-683-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-683-1" + }, + { + "name": "49970", + "refsource": "OSVDB", + "url": "http://osvdb.org/49970" + }, + { + "name": "32796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32796" + }, + { + "name": "SUSE-SR:2009:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" + }, + { + "name": "33568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33568" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714#15", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714#15" + }, + { + "name": "32371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32371" + }, + { + "name": "GLSA-200812-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-23.xml" + }, + { + "name": "ADV-2008-3212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3212" + }, + { + "name": "32843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32843" + }, + { + "name": "FEDORA-2008-10296", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00858.html" + }, + { + "name": "FEDORA-2008-10287", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00856.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5890.json b/2008/5xxx/CVE-2008-5890.json index 935f7545f1d..d1a6f6c609c 100644 --- a/2008/5xxx/CVE-2008-5890.json +++ b/2008/5xxx/CVE-2008-5890.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7517", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7517" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=646897", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=646897" - }, - { - "name" : "32843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32843" - }, - { - "name" : "33161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32843" + }, + { + "name": "7517", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7517" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=646897", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=646897" + }, + { + "name": "33161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33161" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5958.json b/2008/5xxx/CVE-2008-5958.json index 3bd9d3d5f81..a5d98b28623 100644 --- a/2008/5xxx/CVE-2008-5958.json +++ b/2008/5xxx/CVE-2008-5958.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7295", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7295" - }, - { - "name" : "32547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32547" - }, - { - "name" : "ADV-2008-3299", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3299" - }, - { - "name" : "50405", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50405" - }, - { - "name" : "50406", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50406" - }, - { - "name" : "50407", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50407" - }, - { - "name" : "32902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32902" - }, - { - "name" : "activetest-quizid-sql-injection(46919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50407", + "refsource": "OSVDB", + "url": "http://osvdb.org/50407" + }, + { + "name": "ADV-2008-3299", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3299" + }, + { + "name": "7295", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7295" + }, + { + "name": "32547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32547" + }, + { + "name": "50405", + "refsource": "OSVDB", + "url": "http://osvdb.org/50405" + }, + { + "name": "32902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32902" + }, + { + "name": "50406", + "refsource": "OSVDB", + "url": "http://osvdb.org/50406" + }, + { + "name": "activetest-quizid-sql-injection(46919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46919" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2134.json b/2011/2xxx/CVE-2011-2134.json index bfd51a7a2c1..68059b93119 100644 --- a/2011/2xxx/CVE-2011-2134.json +++ b/2011/2xxx/CVE-2011-2134.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-21.html" - }, - { - "name" : "RHSA-2011:1144", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1144.html" - }, - { - "name" : "SUSE-SA:2011:033", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html" - }, - { - "name" : "SUSE-SU-2011:0894", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html" - }, - { - "name" : "openSUSE-SU-2011:0897", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html" - }, - { - "name" : "TA11-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:13979", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13979" - }, - { - "name" : "oval:org.mitre.oval:def:15941", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15941" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:033", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:13979", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13979" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "oval:org.mitre.oval:def:15941", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15941" + }, + { + "name": "TA11-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-21.html" + }, + { + "name": "SUSE-SU-2011:0894", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html" + }, + { + "name": "RHSA-2011:1144", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1144.html" + }, + { + "name": "openSUSE-SU-2011:0897", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2588.json b/2011/2xxx/CVE-2011-2588.json index b384d77df47..0ddbdeb28b8 100644 --- a/2011/2xxx/CVE-2011-2588.json +++ b/2011/2xxx/CVE-2011-2588.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-2588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=vlc.git;a=commit;h=9c14964bd11482d5c1d6c0e223440f9f1e5b1831", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=vlc.git;a=commit;h=9c14964bd11482d5c1d6c0e223440f9f1e5b1831" - }, - { - "name" : "http://www.videolan.org/security/sa1106.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/security/sa1106.html" - }, - { - "name" : "48664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48664" - }, - { - "name" : "oval:org.mitre.oval:def:14858", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14858" - }, - { - "name" : "45066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45066" - }, - { - "name" : "vlcmediaplayer-strf-bo(68532)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45066" + }, + { + "name": "oval:org.mitre.oval:def:14858", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14858" + }, + { + "name": "http://www.videolan.org/security/sa1106.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/security/sa1106.html" + }, + { + "name": "48664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48664" + }, + { + "name": "vlcmediaplayer-strf-bo(68532)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68532" + }, + { + "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=9c14964bd11482d5c1d6c0e223440f9f1e5b1831", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=9c14964bd11482d5c1d6c0e223440f9f1e5b1831" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2594.json b/2011/2xxx/CVE-2011-2594.json index a07d6d5ace3..f207bdb4cd9 100644 --- a/2011/2xxx/CVE-2011-2594.json +++ b/2011/2xxx/CVE-2011-2594.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-2594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "49342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49342" - }, - { - "name" : "45264", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45264" - }, - { - "name" : "kmplayer-title-bo(69451)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45264", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45264" + }, + { + "name": "kmplayer-title-bo(69451)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69451" + }, + { + "name": "49342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49342" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2611.json b/2011/2xxx/CVE-2011-2611.json index 5cdc8d5710f..967eb1ea5b4 100644 --- a/2011/2xxx/CVE-2011-2611.json +++ b/2011/2xxx/CVE-2011-2611.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1150/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1150/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1150/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1150/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2761.json b/2011/2xxx/CVE-2011-2761.json index 26ceeaf0294..e916821107f 100644 --- a/2011/2xxx/CVE-2011-2761.json +++ b/2011/2xxx/CVE-2011-2761.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=86119", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=86119" - }, - { - "name" : "http://codereview.chromium.org/7189019", - "refsource" : "CONFIRM", - "url" : "http://codereview.chromium.org/7189019" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/06/dev-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/06/dev-channel-update_16.html" - }, - { - "name" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=89409", - "refsource" : "CONFIRM", - "url" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=89409" - }, - { - "name" : "oval:org.mitre.oval:def:13889", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13889" - }, - { - "name" : "google-chrome-reload-dos(68857)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13889", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13889" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=86119", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=86119" + }, + { + "name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=89409", + "refsource": "CONFIRM", + "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=89409" + }, + { + "name": "google-chrome-reload-dos(68857)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68857" + }, + { + "name": "http://codereview.chromium.org/7189019", + "refsource": "CONFIRM", + "url": "http://codereview.chromium.org/7189019" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/06/dev-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/06/dev-channel-update_16.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2768.json b/2011/2xxx/CVE-2011-2768.json index 10897bcfbf4..59c42a6ba56 100644 --- a/2011/2xxx/CVE-2011-2768.json +++ b/2011/2xxx/CVE-2011-2768.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.torproject.org/blog/tor-02234-released-security-patches", - "refsource" : "CONFIRM", - "url" : "https://blog.torproject.org/blog/tor-02234-released-security-patches" - }, - { - "name" : "DSA-2331", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.torproject.org/blog/tor-02234-released-security-patches", + "refsource": "CONFIRM", + "url": "https://blog.torproject.org/blog/tor-02234-released-security-patches" + }, + { + "name": "DSA-2331", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2331" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3143.json b/2011/3xxx/CVE-2011-3143.json index 14dd3a5f718..fd1b07cbd30 100644 --- a/2011/3xxx/CVE-2011-3143.json +++ b/2011/3xxx/CVE-2011-3143.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf" - }, - { - "name" : "46312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46312" - }, - { - "name" : "72989", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/72989" - }, - { - "name" : "44955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72989", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/72989" + }, + { + "name": "44955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44955" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf" + }, + { + "name": "46312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46312" + }, + { + "name": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/", + "refsource": "MISC", + "url": "http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3524.json b/2011/3xxx/CVE-2011-3524.json index 076549e3b81..57ddf6f0c35 100644 --- a/2011/3xxx/CVE-2011-3524.json +++ b/2011/3xxx/CVE-2011-3524.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3509." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3509." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0157.json b/2013/0xxx/CVE-2013-0157.json index a575ab30731..19b9d524b8a 100644 --- a/2013/0xxx/CVE-2013-0157.json +++ b/2013/0xxx/CVE-2013-0157.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130106 Re: CVE request: mount/umount leak information about existence of folders", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=135749410312247&w=2" - }, - { - "name" : "http://bugs.debian.org/697464", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/697464" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=892330", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=892330" - }, - { - "name" : "MDVSA-2013:154", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:154" - }, - { - "name" : "RHSA-2013:0517", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0517.html" - }, - { - "name" : "88953", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/88953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/697464", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/697464" + }, + { + "name": "88953", + "refsource": "OSVDB", + "url": "http://osvdb.org/88953" + }, + { + "name": "RHSA-2013:0517", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0517.html" + }, + { + "name": "[oss-security] 20130106 Re: CVE request: mount/umount leak information about existence of folders", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=135749410312247&w=2" + }, + { + "name": "MDVSA-2013:154", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:154" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=892330", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892330" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0392.json b/2013/0xxx/CVE-2013-0392.json index 4d60786e347..b6d3236ccde 100644 --- a/2013/0xxx/CVE-2013-0392.json +++ b/2013/0xxx/CVE-2013-0392.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2012-5059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2012-5059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0425.json b/2013/0xxx/CVE-2013-0425.json index 63778db564d..e5c6bf6d063 100644 --- a/2013/0xxx/CVE-2013-0425.json +++ b/2013/0xxx/CVE-2013-0425.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" - }, - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de", - "refsource" : "CONFIRM", - "url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02864", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "SSRT101156", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "MDVSA-2013:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" - }, - { - "name" : "RHSA-2013:0236", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "RHSA-2013:0245", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" - }, - { - "name" : "RHSA-2013:0246", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" - }, - { - "name" : "RHSA-2013:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "openSUSE-SU-2013:0312", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" - }, - { - "name" : "SUSE-SU-2013:0478", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "57709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57709" - }, - { - "name" : "oval:org.mitre.oval:def:16058", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16058" - }, - { - "name" : "oval:org.mitre.oval:def:19483", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19483" - }, - { - "name" : "oval:org.mitre.oval:def:19502", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19502" - }, - { - "name" : "oval:org.mitre.oval:def:19503", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "MDVSA-2013:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" + }, + { + "name": "SSRT101156", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344" + }, + { + "name": "oval:org.mitre.oval:def:19483", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19483" + }, + { + "name": "RHSA-2013:0236", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html" + }, + { + "name": "oval:org.mitre.oval:def:16058", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16058" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "SUSE-SU-2013:0478", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" + }, + { + "name": "oval:org.mitre.oval:def:19503", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19503" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "RHSA-2013:0247", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html" + }, + { + "name": "oval:org.mitre.oval:def:19502", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19502" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "openSUSE-SU-2013:0312", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" + }, + { + "name": "openSUSE-SU-2013:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" + }, + { + "name": "RHSA-2013:0246", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "HPSBUX02864", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "RHSA-2013:0245", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", + "refsource": "CONFIRM", + "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" + }, + { + "name": "57709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57709" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0482.json b/2013/0xxx/CVE-2013-0482.json index 0f912d9e3cc..37ec5543894 100644 --- a/2013/0xxx/CVE-2013-0482.json +++ b/2013/0xxx/CVE-2013-0482.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a \"Signature Wrap attack,\" a different vulnerability than CVE-2011-1377 and CVE-2013-0489." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21634646", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21634646" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635474", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635474" - }, - { - "name" : "IC88185", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185" - }, - { - "name" : "PM76582", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM76582" - }, - { - "name" : "PM86026", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86026" - }, - { - "name" : "was-wssecurity-spoofing(81548)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a \"Signature Wrap attack,\" a different vulnerability than CVE-2011-1377 and CVE-2013-0489." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM76582", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM76582" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21635474", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635474" + }, + { + "name": "IC88185", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185" + }, + { + "name": "PM86026", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86026" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21634646", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21634646" + }, + { + "name": "was-wssecurity-spoofing(81548)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81548" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1320.json b/2013/1xxx/CVE-2013-1320.json index a963dbd2e3e..f491aa1842b 100644 --- a/2013/1xxx/CVE-2013-1320.json +++ b/2013/1xxx/CVE-2013-1320.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka \"Publisher Buffer Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16776", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka \"Publisher Buffer Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16776", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16776" + }, + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "MS13-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1522.json b/2013/1xxx/CVE-2013-1522.json index 4301a9613f6..c009c99df02 100644 --- a/2013/1xxx/CVE-2013-1522.json +++ b/2013/1xxx/CVE-2013-1522.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Content Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Content Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1536.json b/2013/1xxx/CVE-2013-1536.json index cf1a59b05cd..7ee8312cb70 100644 --- a/2013/1xxx/CVE-2013-1536.json +++ b/2013/1xxx/CVE-2013-1536.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1643.json b/2013/1xxx/CVE-2013-1643.json index 2df883e5b4f..0648c7d2d7e 100644 --- a/2013/1xxx/CVE-2013-1643.json +++ b/2013/1xxx/CVE-2013-1643.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=459904", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=459904" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=918187", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=918187" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://support.apple.com/kb/HT5880", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5880" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101" - }, - { - "name" : "APPLE-SA-2013-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" - }, - { - "name" : "DSA-2639", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2639" - }, - { - "name" : "MDVSA-2013:114", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114" - }, - { - "name" : "RHSA-2013:1307", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1307.html" - }, - { - "name" : "RHSA-2013:1615", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1615.html" - }, - { - "name" : "SUSE-SU-2013:1285", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html" - }, - { - "name" : "SUSE-SU-2013:1315", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html" - }, - { - "name" : "USN-1761-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1761-1" - }, - { - "name" : "55078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1761-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1761-1" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=459904", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=459904" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6" + }, + { + "name": "MDVSA-2013:114", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:114" + }, + { + "name": "55078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55078" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=918187", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=918187" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "APPLE-SA-2013-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702221" + }, + { + "name": "RHSA-2013:1307", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1307.html" + }, + { + "name": "RHSA-2013:1615", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1615.html" + }, + { + "name": "DSA-2639", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2639" + }, + { + "name": "SUSE-SU-2013:1315", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html" + }, + { + "name": "SUSE-SU-2013:1285", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0101" + }, + { + "name": "http://support.apple.com/kb/HT5880", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5880" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4017.json b/2013/4xxx/CVE-2013-4017.json index 3ebcb5dbfec..551661f7f5c 100644 --- a/2013/4xxx/CVE-2013-4017.json +++ b/2013/4xxx/CVE-2013-4017.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" - }, - { - "name" : "IV42682", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42682" - }, - { - "name" : "55068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55068" - }, - { - "name" : "maximo-cve20134017-sql-injection(85794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "maximo-cve20134017-sql-injection(85794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85794" + }, + { + "name": "55068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55068" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" + }, + { + "name": "IV42682", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV42682" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4195.json b/2013/4xxx/CVE-2013-4195.json index cae001bd8f5..5b0200d7c71 100644 --- a/2013/4xxx/CVE-2013-4195.json +++ b/2013/4xxx/CVE-2013-4195.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q3/261" - }, - { - "name" : "http://plone.org/products/plone-hotfix/releases/20130618", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone-hotfix/releases/20130618" - }, - { - "name" : "http://plone.org/products/plone/security/advisories/20130618-announcement", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone/security/advisories/20130618-announcement" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=978471", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=978471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=978471", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=978471" + }, + { + "name": "http://plone.org/products/plone/security/advisories/20130618-announcement", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone/security/advisories/20130618-announcement" + }, + { + "name": "http://plone.org/products/plone-hotfix/releases/20130618", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone-hotfix/releases/20130618" + }, + { + "name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q3/261" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4381.json b/2013/4xxx/CVE-2013-4381.json index c9d9128c28f..8b13136ff52 100644 --- a/2013/4xxx/CVE-2013-4381.json +++ b/2013/4xxx/CVE-2013-4381.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4381", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5938. Reason: This candidate is a duplicate of CVE-2013-5938. Notes: All CVE users should reference CVE-2013-5938 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-4381", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5938. Reason: This candidate is a duplicate of CVE-2013-5938. Notes: All CVE users should reference CVE-2013-5938 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4408.json b/2013/4xxx/CVE-2013-4408.json index 92c94e9a148..025b032cfd6 100644 --- a/2013/4xxx/CVE-2013-4408.json +++ b/2013/4xxx/CVE-2013-4408.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.samba.org/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch" - }, - { - "name" : "http://www.samba.org/samba/security/CVE-2013-4408", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/security/CVE-2013-4408" - }, - { - "name" : "DSA-2812", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2812" - }, - { - "name" : "FEDORA-2014-9132", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" - }, - { - "name" : "FEDORA-2014-7672", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" - }, - { - "name" : "GLSA-201502-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-15.xml" - }, - { - "name" : "HPSBUX03087", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141660010015249&w=2" - }, - { - "name" : "SSRT101413", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141660010015249&w=2" - }, - { - "name" : "MDVSA-2013:299", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:299" - }, - { - "name" : "RHSA-2013:1805", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1805.html" - }, - { - "name" : "RHSA-2013:1806", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1806.html" - }, - { - "name" : "RHSA-2014:0009", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0009.html" - }, - { - "name" : "openSUSE-SU-2013:1921", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html" - }, - { - "name" : "SUSE-SU-2014:0024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0405", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html" - }, - { - "name" : "openSUSE-SU-2016:1106", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" - }, - { - "name" : "openSUSE-SU-2016:1107", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" - }, - { - "name" : "USN-2054-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2054-1" - }, - { - "name" : "64191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX03087", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2" + }, + { + "name": "USN-2054-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2054-1" + }, + { + "name": "RHSA-2013:1805", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1805.html" + }, + { + "name": "http://www.samba.org/samba/security/CVE-2013-4408", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/security/CVE-2013-4408" + }, + { + "name": "FEDORA-2014-9132", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html" + }, + { + "name": "SSRT101413", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2" + }, + { + "name": "http://www.samba.org/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch" + }, + { + "name": "DSA-2812", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2812" + }, + { + "name": "SUSE-SU-2014:0024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html" + }, + { + "name": "openSUSE-SU-2014:0405", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html" + }, + { + "name": "GLSA-201502-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml" + }, + { + "name": "FEDORA-2014-7672", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html" + }, + { + "name": "openSUSE-SU-2013:1921", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html" + }, + { + "name": "openSUSE-SU-2016:1106", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" + }, + { + "name": "RHSA-2013:1806", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1806.html" + }, + { + "name": "openSUSE-SU-2016:1107", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" + }, + { + "name": "64191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64191" + }, + { + "name": "RHSA-2014:0009", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0009.html" + }, + { + "name": "MDVSA-2013:299", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:299" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5162.json b/2013/5xxx/CVE-2013-5162.json index 3081d81f624..dca20557116 100644 --- a/2013/5xxx/CVE-2013-5162.json +++ b/2013/5xxx/CVE-2013-5162.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2013-10-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-10-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5587.json b/2013/5xxx/CVE-2013-5587.json index e6bcf033d4c..12a4a1e2458 100644 --- a/2013/5xxx/CVE-2013-5587.json +++ b/2013/5xxx/CVE-2013-5587.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20130522 RT 3.8.17 released", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" - }, - { - "name" : "[rt-announce] 20130522 RT 4.0.13 released", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" - }, - { - "name" : "[rt-announce] 20130522 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" - }, - { - "name" : "DSA-2670", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2670" - }, - { - "name" : "53505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53505" - }, - { - "name" : "53522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rt-announce] 20130522 RT 3.8.17 released", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" + }, + { + "name": "[rt-announce] 20130522 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" + }, + { + "name": "[rt-announce] 20130522 RT 4.0.13 released", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" + }, + { + "name": "53505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53505" + }, + { + "name": "DSA-2670", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2670" + }, + { + "name": "53522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53522" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5934.json b/2013/5xxx/CVE-2013-5934.json index 1472c85a071..844246d9f0f 100644 --- a/2013/5xxx/CVE-2013-5934.json +++ b/2013/5xxx/CVE-2013-5934.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130910 Open-Xchange Security Advisory 2013-09-10", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130910 Open-Xchange Security Advisory 2013-09-10", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000251.json b/2017/1000xxx/CVE-2017-1000251.json index 4d75f31dac8..62aab62892d 100644 --- a/2017/1000xxx/CVE-2017-1000251.json +++ b/2017/1000xxx/CVE-2017-1000251.json @@ -1,164 +1,164 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-09-08", - "ID" : "CVE-2017-1000251", - "REQUESTER" : "security@armis.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "3.3-rc1 through 4.13.1" - } - ] - } - } - ] - }, - "vendor_name" : "Linux Kernel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-09-08", + "ID": "CVE-2017-1000251", + "REQUESTER": "security@armis.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42762", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42762/" - }, - { - "name" : "https://www.armis.com/blueborne", - "refsource" : "MISC", - "url" : "https://www.armis.com/blueborne" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe" - }, - { - "name" : "https://access.redhat.com/security/vulnerabilities/blueborne", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/vulnerabilities/blueborne" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne" - }, - { - "name" : "DSA-3981", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3981" - }, - { - "name" : "RHSA-2017:2704", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2704" - }, - { - "name" : "RHSA-2017:2705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2705" - }, - { - "name" : "RHSA-2017:2706", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2706" - }, - { - "name" : "RHSA-2017:2707", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2707" - }, - { - "name" : "RHSA-2017:2731", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2731" - }, - { - "name" : "RHSA-2017:2732", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2732" - }, - { - "name" : "RHSA-2017:2679", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2679" - }, - { - "name" : "RHSA-2017:2680", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2680" - }, - { - "name" : "RHSA-2017:2681", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2681" - }, - { - "name" : "RHSA-2017:2682", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2682" - }, - { - "name" : "RHSA-2017:2683", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2683" - }, - { - "name" : "VU#240311", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/240311" - }, - { - "name" : "100809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100809" - }, - { - "name" : "1039373", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2732", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2732" + }, + { + "name": "42762", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42762/" + }, + { + "name": "RHSA-2017:2705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2705" + }, + { + "name": "RHSA-2017:2683", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2683" + }, + { + "name": "RHSA-2017:2704", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2704" + }, + { + "name": "RHSA-2017:2682", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2682" + }, + { + "name": "https://access.redhat.com/security/vulnerabilities/blueborne", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/vulnerabilities/blueborne" + }, + { + "name": "https://www.armis.com/blueborne", + "refsource": "MISC", + "url": "https://www.armis.com/blueborne" + }, + { + "name": "1039373", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039373" + }, + { + "name": "RHSA-2017:2731", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2731" + }, + { + "name": "DSA-3981", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3981" + }, + { + "name": "RHSA-2017:2706", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2706" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne" + }, + { + "name": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/f2fcfcd670257236ebf2088bbdf26f6a8ef459fe" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + }, + { + "name": "100809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100809" + }, + { + "name": "VU#240311", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/240311" + }, + { + "name": "RHSA-2017:2681", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2681" + }, + { + "name": "RHSA-2017:2679", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2679" + }, + { + "name": "RHSA-2017:2680", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2680" + }, + { + "name": "RHSA-2017:2707", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2707" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12160.json b/2017/12xxx/CVE-2017-12160.json index 0b16fe0ec95..c93da66bce5 100644 --- a/2017/12xxx/CVE-2017-12160.json +++ b/2017/12xxx/CVE-2017-12160.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-10-17T00:00:00", - "ID" : "CVE-2017-12160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "keycloak", - "version" : { - "version_data" : [ - { - "version_value" : "3.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-10-17T00:00:00", + "ID": "CVE-2017-12160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "keycloak", + "version": { + "version_data": [ + { + "version_value": "3.4.0" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484154", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484154" - }, - { - "name" : "RHSA-2017:2904", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2904" - }, - { - "name" : "RHSA-2017:2905", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2905" - }, - { - "name" : "RHSA-2017:2906", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2904", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2904" + }, + { + "name": "RHSA-2017:2905", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2905" + }, + { + "name": "RHSA-2017:2906", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2906" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484154" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12585.json b/2017/12xxx/CVE-2017-12585.json index 3f5ff727fdb..3ae6eeaa098 100644 --- a/2017/12xxx/CVE-2017-12585.json +++ b/2017/12xxx/CVE-2017-12585.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/slims/slims8_akasia/issues/47", - "refsource" : "CONFIRM", - "url" : "https://github.com/slims/slims8_akasia/issues/47" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/slims/slims8_akasia/issues/47", + "refsource": "CONFIRM", + "url": "https://github.com/slims/slims8_akasia/issues/47" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12857.json b/2017/12xxx/CVE-2017-12857.json index 53509e6a80d..b7e586db697 100644 --- a/2017/12xxx/CVE-2017-12857.json +++ b/2017/12xxx/CVE-2017-12857.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf" - }, - { - "name" : "1039309", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039309", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039309" + }, + { + "name": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12899.json b/2017/12xxx/CVE-2017-12899.json index 83db3168a5e..4820542ba96 100644 --- a/2017/12xxx/CVE-2017-12899.json +++ b/2017/12xxx/CVE-2017-12899.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/c6e0531b5def26ecf912e8de6ade86cbdaed3751", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/c6e0531b5def26ecf912e8de6ade86cbdaed3751" - }, - { - "name" : "https://github.com/the-tcpdump-group/tcpdump/commit/f96003b21e2abfbba59b926b10a7f9bc7d11e36c", - "refsource" : "CONFIRM", - "url" : "https://github.com/the-tcpdump-group/tcpdump/commit/f96003b21e2abfbba59b926b10a7f9bc7d11e36c" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/c6e0531b5def26ecf912e8de6ade86cbdaed3751", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/c6e0531b5def26ecf912e8de6ade86cbdaed3751" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "https://github.com/the-tcpdump-group/tcpdump/commit/f96003b21e2abfbba59b926b10a7f9bc7d11e36c", + "refsource": "CONFIRM", + "url": "https://github.com/the-tcpdump-group/tcpdump/commit/f96003b21e2abfbba59b926b10a7f9bc7d11e36c" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16045.json b/2017/16xxx/CVE-2017-16045.json index 15d8f7ad4c1..25553dca1b9 100644 --- a/2017/16xxx/CVE-2017-16045.json +++ b/2017/16xxx/CVE-2017-16045.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jquery.js node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jquery.js node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/496", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/496", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/496" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16297.json b/2017/16xxx/CVE-2017-16297.json index 7ca27ca9699..0d3ea0f8bc5 100644 --- a/2017/16xxx/CVE-2017-16297.json +++ b/2017/16xxx/CVE-2017-16297.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16328.json b/2017/16xxx/CVE-2017-16328.json index cb78ec58e1c..02e4e461f6b 100644 --- a/2017/16xxx/CVE-2017-16328.json +++ b/2017/16xxx/CVE-2017-16328.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16328", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16328", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16512.json b/2017/16xxx/CVE-2017-16512.json index 9aecf160b3c..d352c1eb197 100644 --- a/2017/16xxx/CVE-2017-16512.json +++ b/2017/16xxx/CVE-2017-16512.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://m4.rkw.io/blog/cve201716512-hashicorp-vagrantvmwarefusion-v502504-local-root.html", - "refsource" : "MISC", - "url" : "https://m4.rkw.io/blog/cve201716512-hashicorp-vagrantvmwarefusion-v502504-local-root.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://m4.rkw.io/blog/cve201716512-hashicorp-vagrantvmwarefusion-v502504-local-root.html", + "refsource": "MISC", + "url": "https://m4.rkw.io/blog/cve201716512-hashicorp-vagrantvmwarefusion-v502504-local-root.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16789.json b/2017/16xxx/CVE-2017-16789.json index 29fea3e9c53..068814706e9 100644 --- a/2017/16xxx/CVE-2017-16789.json +++ b/2017/16xxx/CVE-2017-16789.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pastebin.com/AxvP1v2Z", - "refsource" : "MISC", - "url" : "https://pastebin.com/AxvP1v2Z" - }, - { - "name" : "https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_njams3_-_cve-2017-16789.pdf", - "refsource" : "MISC", - "url" : "https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_njams3_-_cve-2017-16789.pdf" - }, - { - "name" : "https://www.integrationmatters.com/cms/upload/Resources/nJAMS_SecurityUpdate_CVE-2017-16789.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.integrationmatters.com/cms/upload/Resources/nJAMS_SecurityUpdate_CVE-2017-16789.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_njams3_-_cve-2017-16789.pdf", + "refsource": "MISC", + "url": "https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_njams3_-_cve-2017-16789.pdf" + }, + { + "name": "https://pastebin.com/AxvP1v2Z", + "refsource": "MISC", + "url": "https://pastebin.com/AxvP1v2Z" + }, + { + "name": "https://www.integrationmatters.com/cms/upload/Resources/nJAMS_SecurityUpdate_CVE-2017-16789.pdf", + "refsource": "CONFIRM", + "url": "https://www.integrationmatters.com/cms/upload/Resources/nJAMS_SecurityUpdate_CVE-2017-16789.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4079.json b/2017/4xxx/CVE-2017-4079.json index 6510958ecd5..313969a81b4 100644 --- a/2017/4xxx/CVE-2017-4079.json +++ b/2017/4xxx/CVE-2017-4079.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4079", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4079", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4198.json b/2017/4xxx/CVE-2017-4198.json index 0530bce69ce..68e390972f6 100644 --- a/2017/4xxx/CVE-2017-4198.json +++ b/2017/4xxx/CVE-2017-4198.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4198", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4198", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4390.json b/2017/4xxx/CVE-2017-4390.json index e0b0d679694..ab07664f65f 100644 --- a/2017/4xxx/CVE-2017-4390.json +++ b/2017/4xxx/CVE-2017-4390.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4390", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4390", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18287.json b/2018/18xxx/CVE-2018-18287.json index 6e823719d83..3654cccccd1 100644 --- a/2018/18xxx/CVE-2018-18287.json +++ b/2018/18xxx/CVE-2018-18287.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/remix30303/AsusLeak", - "refsource" : "MISC", - "url" : "https://github.com/remix30303/AsusLeak" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/remix30303/AsusLeak", + "refsource": "MISC", + "url": "https://github.com/remix30303/AsusLeak" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18341.json b/2018/18xxx/CVE-2018-18341.json index 747040b8c0c..b62362097cf 100644 --- a/2018/18xxx/CVE-2018-18341.json +++ b/2018/18xxx/CVE-2018-18341.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-18341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-18341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/901030", - "refsource" : "MISC", - "url" : "https://crbug.com/901030" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4352" - }, - { - "name" : "RHSA-2018:3803", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3803" - }, - { - "name" : "106084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/901030", + "refsource": "MISC", + "url": "https://crbug.com/901030" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + }, + { + "name": "RHSA-2018:3803", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3803" + }, + { + "name": "DSA-4352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4352" + }, + { + "name": "106084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106084" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18559.json b/2018/18xxx/CVE-2018-18559.json index f30388fe1f0..fcb592f6e8b 100644 --- a/2018/18xxx/CVE-2018-18559.json +++ b/2018/18xxx/CVE-2018-18559.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.securiteam.com/index.php/archives/3731", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/3731" - }, - { - "name" : "RHSA-2019:0163", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0163" - }, - { - "name" : "RHSA-2019:0188", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0188", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0188" + }, + { + "name": "RHSA-2019:0163", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0163" + }, + { + "name": "https://blogs.securiteam.com/index.php/archives/3731", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/3731" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18829.json b/2018/18xxx/CVE-2018-18829.json index 2b5bf49320f..9bd539e8d2c 100644 --- a/2018/18xxx/CVE-2018-18829.json +++ b/2018/18xxx/CVE-2018-18829.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1136", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1136", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1136" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1197.json b/2018/1xxx/CVE-2018-1197.json index 75caf2af159..a21b61cc07f 100644 --- a/2018/1xxx/CVE-2018-1197.json +++ b/2018/1xxx/CVE-2018-1197.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-02-22T00:00:00", - "ID" : "CVE-2018-1197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Stemcells", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to 1200.14" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "GCP Metadata Endpoint Accessible from Application Containers on Windows" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-02-22T00:00:00", + "ID": "CVE-2018-1197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Stemcells", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 1200.14" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/blog/cve-2018-1197/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/blog/cve-2018-1197/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "GCP Metadata Endpoint Accessible from Application Containers on Windows" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/blog/cve-2018-1197/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2018-1197/" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1282.json b/2018/1xxx/CVE-2018-1282.json index 5fa8a03cd14..7dd806fab4d 100644 --- a/2018/1xxx/CVE-2018-1282.json +++ b/2018/1xxx/CVE-2018-1282.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-04-04T00:00:00", - "ID" : "CVE-2018-1282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Hive", - "version" : { - "version_data" : [ - { - "version_value" : "0.7.1 to 2.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-04-04T00:00:00", + "ID": "CVE-2018-1282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Hive", + "version": { + "version_data": [ + { + "version_value": "0.7.1 to 2.3.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20180404 [SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E" - }, - { - "name" : "103751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103751" + }, + { + "name": "[dev] 20180404 [SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5145.json b/2018/5xxx/CVE-2018-5145.json index b3157993fda..f54a82984b3 100644 --- a/2018/5xxx/CVE-2018-5145.json +++ b/2018/5xxx/CVE-2018-5145.json @@ -1,144 +1,144 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-5145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.7" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.7" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox ESR 52.7" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-5145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.7" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.7" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html" - }, - { - "name" : "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html" - }, - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-07/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-07/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-09/" - }, - { - "name" : "DSA-4139", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4139" - }, - { - "name" : "DSA-4155", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4155" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:0526", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0526" - }, - { - "name" : "RHSA-2018:0527", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0527" - }, - { - "name" : "RHSA-2018:0647", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0647" - }, - { - "name" : "RHSA-2018:0648", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0648" - }, - { - "name" : "USN-3545-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3545-1/" - }, - { - "name" : "103384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103384" - }, - { - "name" : "1040514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox ESR 52.7" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955" + }, + { + "name": "DSA-4139", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4139" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "RHSA-2018:0527", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0527" + }, + { + "name": "USN-3545-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3545-1/" + }, + { + "name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-09/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-07/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-07/" + }, + { + "name": "RHSA-2018:0526", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0526" + }, + { + "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html" + }, + { + "name": "DSA-4155", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4155" + }, + { + "name": "RHSA-2018:0648", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0648" + }, + { + "name": "RHSA-2018:0647", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0647" + }, + { + "name": "1040514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040514" + }, + { + "name": "103384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103384" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5555.json b/2018/5xxx/CVE-2018-5555.json index 663c3c2a1ca..d98f83e26e4 100644 --- a/2018/5xxx/CVE-2018-5555.json +++ b/2018/5xxx/CVE-2018-5555.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5555", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5555", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5590.json b/2018/5xxx/CVE-2018-5590.json index 01f10370574..32219fa718c 100644 --- a/2018/5xxx/CVE-2018-5590.json +++ b/2018/5xxx/CVE-2018-5590.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5590", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5590", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5872.json b/2018/5xxx/CVE-2018-5872.json index 199a7fa697c..a476a029925 100644 --- a/2018/5xxx/CVE-2018-5872.json +++ b/2018/5xxx/CVE-2018-5872.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-07-02T00:00:00", - "ID" : "CVE-2018-5872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Out-of-range Pointer Offset in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-07-02T00:00:00", + "ID": "CVE-2018-5872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-07-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=7d65c1b32df795d4e95cdf2cfb624126f5125220", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=7d65c1b32df795d4e95cdf2cfb624126f5125220" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Out-of-range Pointer Offset in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" + }, + { + "name": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-07-01" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=7d65c1b32df795d4e95cdf2cfb624126f5125220", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=7d65c1b32df795d4e95cdf2cfb624126f5125220" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5933.json b/2018/5xxx/CVE-2018-5933.json index 4940b838723..fae367a9447 100644 --- a/2018/5xxx/CVE-2018-5933.json +++ b/2018/5xxx/CVE-2018-5933.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5933", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5933", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file