diff --git a/2001/0xxx/CVE-2001-0712.json b/2001/0xxx/CVE-2001-0712.json index 8134083aa42..5e8c3b3b076 100644 --- a/2001/0xxx/CVE-2001-0712.json +++ b/2001/0xxx/CVE-2001-0712.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010727 TXT or HTML? -- IE NEW BUG", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/200109" - }, - { - "name" : "20010729 Re: TXT or HTML? -- IE NEW BUG", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/200291" - }, - { - "name" : "3116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010729 Re: TXT or HTML? -- IE NEW BUG", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/200291" + }, + { + "name": "20010727 TXT or HTML? -- IE NEW BUG", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/200109" + }, + { + "name": "3116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3116" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1484.json b/2008/1xxx/CVE-2008-1484.json index 8f54b4a7121..6b11c5fef75 100644 --- a/2008/1xxx/CVE-2008-1484.json +++ b/2008/1xxx/CVE-2008-1484.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488408/100/200/threaded" - }, - { - "name" : "http://sektioneins.de/advisories/SE-2008-01.txt", - "refsource" : "MISC", - "url" : "http://sektioneins.de/advisories/SE-2008-01.txt" - }, - { - "name" : "5165", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5165" - }, - { - "name" : "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt", - "refsource" : "CONFIRM", - "url" : "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt" - }, - { - "name" : "http://punbb.org/forums/viewtopic.php?id=18460", - "refsource" : "CONFIRM", - "url" : "http://punbb.org/forums/viewtopic.php?id=18460" - }, - { - "name" : "27908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27908" - }, - { - "name" : "45561", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45561" - }, - { - "name" : "29043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://punbb.org/forums/viewtopic.php?id=18460", + "refsource": "CONFIRM", + "url": "http://punbb.org/forums/viewtopic.php?id=18460" + }, + { + "name": "29043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29043" + }, + { + "name": "http://sektioneins.de/advisories/SE-2008-01.txt", + "refsource": "MISC", + "url": "http://sektioneins.de/advisories/SE-2008-01.txt" + }, + { + "name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt", + "refsource": "CONFIRM", + "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt" + }, + { + "name": "45561", + "refsource": "OSVDB", + "url": "http://osvdb.org/45561" + }, + { + "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded" + }, + { + "name": "5165", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5165" + }, + { + "name": "27908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27908" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1667.json b/2008/1xxx/CVE-2008-1667.json index b2d6d2a3d64..92bfe066d95 100644 --- a/2008/1xxx/CVE-2008-1667.json +++ b/2008/1xxx/CVE-2008-1667.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080728 Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728" - }, - { - "name" : "HPSBMA02353", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121726629109585&w=2" - }, - { - "name" : "SSRT080066", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121726629109585&w=2" - }, - { - "name" : "30403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30403" - }, - { - "name" : "ADV-2008-2227", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2227/references" - }, - { - "name" : "ADV-2008-2228", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2228/references" - }, - { - "name" : "1020568", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020568" - }, - { - "name" : "31278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31278" - }, - { - "name" : "31282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31282" - }, - { - "name" : "4054", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4054" - }, - { - "name" : "hp-ovis-pbovisserver-dos(44041)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31282" + }, + { + "name": "SSRT080066", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121726629109585&w=2" + }, + { + "name": "HPSBMA02353", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121726629109585&w=2" + }, + { + "name": "hp-ovis-pbovisserver-dos(44041)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44041" + }, + { + "name": "ADV-2008-2227", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2227/references" + }, + { + "name": "30403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30403" + }, + { + "name": "ADV-2008-2228", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2228/references" + }, + { + "name": "20080728 Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728" + }, + { + "name": "4054", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4054" + }, + { + "name": "31278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31278" + }, + { + "name": "1020568", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020568" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1890.json b/2008/1xxx/CVE-2008-1890.json index 9049f424068..af5b4f63179 100644 --- a/2008/1xxx/CVE-2008-1890.json +++ b/2008/1xxx/CVE-2008-1890.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28812" - }, - { - "name" : "29820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29820" - }, - { - "name" : "jomcomment-unspecified-sql-injection(41866)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28812" + }, + { + "name": "jomcomment-unspecified-sql-injection(41866)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41866" + }, + { + "name": "29820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29820" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5057.json b/2008/5xxx/CVE-2008-5057.json index 3f895aac884..1d095f4783f 100644 --- a/2008/5xxx/CVE-2008-5057.json +++ b/2008/5xxx/CVE-2008-5057.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/32239/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/32239/exploit" - }, - { - "name" : "32239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32239" - }, - { - "name" : "49803", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49803" - }, - { - "name" : "32675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32675" - }, - { - "name" : "diziportali-film-sql-injection(46522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "diziportali-film-sql-injection(46522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46522" + }, + { + "name": "32239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32239" + }, + { + "name": "http://www.securityfocus.com/bid/32239/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/32239/exploit" + }, + { + "name": "32675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32675" + }, + { + "name": "49803", + "refsource": "OSVDB", + "url": "http://osvdb.org/49803" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5154.json b/2008/5xxx/CVE-2008-5154.json index f44e8b36f9d..402236625b9 100644 --- a/2008/5xxx/CVE-2008-5154.json +++ b/2008/5xxx/CVE-2008-5154.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-devel/2008/08/msg00347.html" - }, - { - "name" : "http://uvw.ru/report.sid.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.sid.txt" - }, - { - "name" : "32373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32373" - }, - { - "name" : "32818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32818" - }, - { - "name" : "p3nfs-bluetooth-symlink(46707)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32818" + }, + { + "name": "32373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32373" + }, + { + "name": "[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html" + }, + { + "name": "http://uvw.ru/report.sid.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.sid.txt" + }, + { + "name": "p3nfs-bluetooth-symlink(46707)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46707" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5788.json b/2008/5xxx/CVE-2008-5788.json index 52bbb2a218d..f5ce17c515d 100644 --- a/2008/5xxx/CVE-2008-5788.json +++ b/2008/5xxx/CVE-2008-5788.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7052", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7052" - }, - { - "name" : "32201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32201" - }, - { - "name" : "ADV-2008-3076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3076" - }, - { - "name" : "32637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32637" - }, - { - "name" : "4833", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4833" - }, - { - "name" : "domainsellerpro-index-sql-injection(46475)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32201" + }, + { + "name": "4833", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4833" + }, + { + "name": "32637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32637" + }, + { + "name": "7052", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7052" + }, + { + "name": "ADV-2008-3076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3076" + }, + { + "name": "domainsellerpro-index-sql-injection(46475)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46475" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5879.json b/2008/5xxx/CVE-2008-5879.json index 25c8965d56e..7314640cc73 100644 --- a/2008/5xxx/CVE-2008-5879.json +++ b/2008/5xxx/CVE-2008-5879.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7515", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7515" - }, - { - "name" : "32915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32915" - }, - { - "name" : "33211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33211" - }, - { - "name" : "4881", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4881", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4881" + }, + { + "name": "7515", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7515" + }, + { + "name": "33211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33211" + }, + { + "name": "32915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32915" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5972.json b/2008/5xxx/CVE-2008-5972.json index f11eaa70c64..0ac1e8a6c0c 100644 --- a/2008/5xxx/CVE-2008-5972.json +++ b/2008/5xxx/CVE-2008-5972.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7302", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7302" - }, - { - "name" : "32551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32551" - }, - { - "name" : "ADV-2008-3294", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3294" - }, - { - "name" : "32894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32894" + }, + { + "name": "32551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32551" + }, + { + "name": "ADV-2008-3294", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3294" + }, + { + "name": "7302", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7302" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2275.json b/2011/2xxx/CVE-2011-2275.json index f20f228925f..d08575bbf94 100644 --- a/2011/2xxx/CVE-2011-2275.json +++ b/2011/2xxx/CVE-2011-2275.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2508.json b/2011/2xxx/CVE-2011-2508.json index f043f196280..3c59b7686ad 100644 --- a/2011/2xxx/CVE-2011-2508.json +++ b/2011/2xxx/CVE-2011-2508.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110707 phpMyAdmin 3.x Multiple Remote Code Executions", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518804/100/0/threaded" - }, - { - "name" : "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/28/2" - }, - { - "name" : "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/28/6" - }, - { - "name" : "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/28/8" - }, - { - "name" : "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/29/11" - }, - { - "name" : "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html", - "refsource" : "MISC", - "url" : "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html" - }, - { - "name" : "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt", - "refsource" : "MISC", - "url" : "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt" - }, - { - "name" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7", - "refsource" : "CONFIRM", - "url" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php" - }, - { - "name" : "DSA-2286", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2286" - }, - { - "name" : "FEDORA-2011-9144", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html" - }, - { - "name" : "MDVSA-2011:124", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124" - }, - { - "name" : "73614", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/73614" - }, - { - "name" : "45139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45139" - }, - { - "name" : "45292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45292" - }, - { - "name" : "45315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45315" - }, - { - "name" : "8306", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt", + "refsource": "MISC", + "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt" + }, + { + "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php" + }, + { + "name": "45292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45292" + }, + { + "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6" + }, + { + "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8" + }, + { + "name": "73614", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/73614" + }, + { + "name": "MDVSA-2011:124", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124" + }, + { + "name": "8306", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8306" + }, + { + "name": "45139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45139" + }, + { + "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7", + "refsource": "CONFIRM", + "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7" + }, + { + "name": "DSA-2286", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2286" + }, + { + "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded" + }, + { + "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11" + }, + { + "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html", + "refsource": "MISC", + "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html" + }, + { + "name": "45315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45315" + }, + { + "name": "FEDORA-2011-9144", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2753.json b/2011/2xxx/CVE-2011-2753.json index e01ae489a8a..8baddc0ad20 100644 --- a/2011/2xxx/CVE-2011-2753.json +++ b/2011/2xxx/CVE-2011-2753.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119", - "refsource" : "CONFIRM", - "url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=720694", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=720694" - }, - { - "name" : "DSA-2291", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2291" - }, - { - "name" : "MDVSA-2011:123", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" - }, - { - "name" : "RHSA-2012:0103", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0103.html" - }, - { - "name" : "squirrelmail-authentication-csrf(68586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2291", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2291" + }, + { + "name": "MDVSA-2011:123", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" + }, + { + "name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119", + "refsource": "CONFIRM", + "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=720694", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720694" + }, + { + "name": "RHSA-2012:0103", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html" + }, + { + "name": "squirrelmail-authentication-csrf(68586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68586" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2903.json b/2011/2xxx/CVE-2011-2903.json index a083c281a83..cab654b021d 100644 --- a/2011/2xxx/CVE-2011-2903.json +++ b/2011/2xxx/CVE-2011-2903.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is \"configured as a handler for other applications.\" This issue might not qualify for inclusion in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110809 Re: CVE request: heap overflow in tcptrack < 1.4.2", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2011/q3/293" - }, - { - "name" : "[oss-security] 20110831 Re: CVE request: heap overflow in tcptrack < 1.4.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/31/1" - }, - { - "name" : "http://www.rhythm.cx/~steve/devel/tcptrack/", - "refsource" : "CONFIRM", - "url" : "http://www.rhythm.cx/~steve/devel/tcptrack/" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=377917", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=377917" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=729096", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=729096" - }, - { - "name" : "49352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49352" - }, - { - "name" : "tcptrack-commandline-bo(69467)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is \"configured as a handler for other applications.\" This issue might not qualify for inclusion in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=729096", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729096" + }, + { + "name": "tcptrack-commandline-bo(69467)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69467" + }, + { + "name": "http://www.rhythm.cx/~steve/devel/tcptrack/", + "refsource": "CONFIRM", + "url": "http://www.rhythm.cx/~steve/devel/tcptrack/" + }, + { + "name": "49352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49352" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=377917", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=377917" + }, + { + "name": "[oss-security] 20110831 Re: CVE request: heap overflow in tcptrack < 1.4.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/31/1" + }, + { + "name": "[oss-security] 20110809 Re: CVE request: heap overflow in tcptrack < 1.4.2", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2011/q3/293" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0017.json b/2013/0xxx/CVE-2013-0017.json index 17cc49928c7..ec388de6289 100644 --- a/2013/0xxx/CVE-2013-0017.json +++ b/2013/0xxx/CVE-2013-0017.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0017", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0017", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0123.json b/2013/0xxx/CVE-2013-0123.json index abf63422b9a..5742de3526c 100644 --- a/2013/0xxx/CVE-2013-0123.json +++ b/2013/0xxx/CVE-2013-0123.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-0123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#406596", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/406596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#406596", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/406596" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0413.json b/2013/0xxx/CVE-2013-0413.json index 2a4ebe14bdb..f45698ca361 100644 --- a/2013/0xxx/CVE-2013-0413.json +++ b/2013/0xxx/CVE-2013-0413.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "oval:org.mitre.oval:def:19409", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "oval:org.mitre.oval:def:19409", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19409" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0633.json b/2013/0xxx/CVE-2013-0633.json index 4aecc0399f9..b27790966f8 100644 --- a/2013/0xxx/CVE-2013-0633.json +++ b/2013/0xxx/CVE-2013-0633.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-04.html" - }, - { - "name" : "RHSA-2013:0243", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0243.html" - }, - { - "name" : "SUSE-SU-2013:0288", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0279", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:0284", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-04.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-04.html" + }, + { + "name": "RHSA-2013:0243", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0243.html" + }, + { + "name": "openSUSE-SU-2013:0279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00004.html" + }, + { + "name": "SUSE-SU-2013:0288", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00007.html" + }, + { + "name": "openSUSE-SU-2013:0284", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0707.json b/2013/0xxx/CVE-2013-0707.json index e3804f338e9..c546c30506a 100644 --- a/2013/0xxx/CVE-2013-0707.json +++ b/2013/0xxx/CVE-2013-0707.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-0707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.justsystems.com/jp/info/js13001.html", - "refsource" : "CONFIRM", - "url" : "http://www.justsystems.com/jp/info/js13001.html" - }, - { - "name" : "JVN#16817324", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN16817324/index.html" - }, - { - "name" : "JVNDB-2013-000015", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2013-000015", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000015" + }, + { + "name": "JVN#16817324", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN16817324/index.html" + }, + { + "name": "http://www.justsystems.com/jp/info/js13001.html", + "refsource": "CONFIRM", + "url": "http://www.justsystems.com/jp/info/js13001.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0726.json b/2013/0xxx/CVE-2013-0726.json index c1e73219e18..b89b573e03b 100644 --- a/2013/0xxx/CVE-2013-0726.json +++ b/2013/0xxx/CVE-2013-0726.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-0726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "51725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51725" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1017.json b/2013/1xxx/CVE-2013-1017.json index 24f793aa358..0ed9175e411 100644 --- a/2013/1xxx/CVE-2013-1017.json +++ b/2013/1xxx/CVE-2013-1017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-1017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5770", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5770" - }, - { - "name" : "APPLE-SA-2013-05-22-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" - }, - { - "name" : "oval:org.mitre.oval:def:16606", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-05-22-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT5770", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5770" + }, + { + "name": "oval:org.mitre.oval:def:16606", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16606" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1351.json b/2013/1xxx/CVE-2013-1351.json index 429e823d0be..60c4d91feb1 100644 --- a/2013/1xxx/CVE-2013-1351.json +++ b/2013/1xxx/CVE-2013-1351.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3116.json b/2013/3xxx/CVE-2013-3116.json index e1b05ed4dd6..266393ba9d9 100644 --- a/2013/3xxx/CVE-2013-3116.json +++ b/2013/3xxx/CVE-2013-3116.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047" - }, - { - "name" : "TA13-168A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A" - }, - { - "name" : "oval:org.mitre.oval:def:16914", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-168A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-168A" + }, + { + "name": "MS13-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047" + }, + { + "name": "oval:org.mitre.oval:def:16914", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16914" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3329.json b/2013/3xxx/CVE-2013-3329.json index 1fd1fb49aea..72c3943d68f 100644 --- a/2013/3xxx/CVE-2013-3329.json +++ b/2013/3xxx/CVE-2013-3329.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-3329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html" - }, - { - "name" : "RHSA-2013:0825", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0825.html" - }, - { - "name" : "SUSE-SU-2013:0798", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:0892", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" - }, - { - "name" : "openSUSE-SU-2013:0954", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" - }, - { - "name" : "oval:org.mitre.oval:def:16913", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16913" - }, - { - "name" : "53442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0892", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:16913", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16913" + }, + { + "name": "53442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53442" + }, + { + "name": "SUSE-SU-2013:0798", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" + }, + { + "name": "openSUSE-SU-2013:0954", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html" + }, + { + "name": "RHSA-2013:0825", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3575.json b/2013/3xxx/CVE-2013-3575.json index b68cf929d4c..e5fe8be4dfb 100644 --- a/2013/3xxx/CVE-2013-3575.json +++ b/2013/3xxx/CVE-2013-3575.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2013-3575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#324668", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/324668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#324668", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/324668" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3635.json b/2013/3xxx/CVE-2013-3635.json index 82444952826..c2294b3c9b3 100644 --- a/2013/3xxx/CVE-2013-3635.json +++ b/2013/3xxx/CVE-2013-3635.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-3635", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3856.json b/2013/3xxx/CVE-2013-3856.json index 01b95e7d7a1..cb47b6cabbc 100644 --- a/2013/3xxx/CVE-2013-3856.json +++ b/2013/3xxx/CVE-2013-3856.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-072", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18797", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-072", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072" + }, + { + "name": "oval:org.mitre.oval:def:18797", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18797" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4283.json b/2013/4xxx/CVE-2013-4283.json index 95b4d82162b..9571c439904 100644 --- a/2013/4xxx/CVE-2013-4283.json +++ b/2013/4xxx/CVE-2013-4283.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8", - "refsource" : "CONFIRM", - "url" : "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=999634", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=999634" - }, - { - "name" : "RHSA-2013:1182", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1182.html" - }, - { - "name" : "54586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54586" - }, - { - "name" : "54650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1182", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1182.html" + }, + { + "name": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8", + "refsource": "CONFIRM", + "url": "http://directory.fedoraproject.org/wiki/Releases/1.3.0.8" + }, + { + "name": "54650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54650" + }, + { + "name": "54586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54586" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=999634", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999634" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4404.json b/2013/4xxx/CVE-2013-4404.json index e17b217ffd7..7dd6d3d73fa 100644 --- a/2013/4xxx/CVE-2013-4404.json +++ b/2013/4xxx/CVE-2013-4404.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038" - }, - { - "name" : "RHSA-2013:1851", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1851.html" - }, - { - "name" : "RHSA-2013:1852", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1852.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038" + }, + { + "name": "RHSA-2013:1851", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html" + }, + { + "name": "RHSA-2013:1852", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4735.json b/2013/4xxx/CVE-2013-4735.json index a4e0445b724..a31accc7a45 100644 --- a/2013/4xxx/CVE-2013-4735.json +++ b/2013/4xxx/CVE-2013-4735.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/AAMN-98MU7H", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/AAMN-98MU7H" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/AAMN-98MUK2", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/AAMN-98MUK2" - }, - { - "name" : "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf" - }, - { - "name" : "VU#662676", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/662676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2" + }, + { + "name": "VU#662676", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/662676" + }, + { + "name": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H" + }, + { + "name": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf", + "refsource": "CONFIRM", + "url": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf" + }, + { + "name": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf", + "refsource": "CONFIRM", + "url": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12042.json b/2017/12xxx/CVE-2017-12042.json index ea92251fad8..c789504a5b4 100644 --- a/2017/12xxx/CVE-2017-12042.json +++ b/2017/12xxx/CVE-2017-12042.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12042", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12042", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12405.json b/2017/12xxx/CVE-2017-12405.json index 28f7af33a38..8bb50ee49e5 100644 --- a/2017/12xxx/CVE-2017-12405.json +++ b/2017/12xxx/CVE-2017-12405.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12405", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12405", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12451.json b/2017/12xxx/CVE-2017-12451.json index 14e63647edb..db4b83eceed 100644 --- a/2017/12xxx/CVE-2017-12451.json +++ b/2017/12xxx/CVE-2017-12451.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21786", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21786", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21786" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12510.json b/2017/12xxx/CVE-2017-12510.json index 977723f7f64..25f41fd9b0a 100644 --- a/2017/12xxx/CVE-2017-12510.json +++ b/2017/12xxx/CVE-2017-12510.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-12510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.3 (E0504)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-12510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.3 (E0504)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "name" : "100367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100367" - }, - { - "name" : "1039152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039152" + }, + { + "name": "100367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100367" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12671.json b/2017/12xxx/CVE-2017-12671.json index 9908da670fe..b6801aaf87d 100644 --- a/2017/12xxx/CVE-2017-12671.json +++ b/2017/12xxx/CVE-2017-12671.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/621", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/621" - }, - { - "name" : "DSA-4019", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/621", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/621" + }, + { + "name": "DSA-4019", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4019" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13485.json b/2017/13xxx/CVE-2017-13485.json index 14046c5081a..b7f4b5aceae 100644 --- a/2017/13xxx/CVE-2017-13485.json +++ b/2017/13xxx/CVE-2017-13485.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13485", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13485", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13496.json b/2017/13xxx/CVE-2017-13496.json index 75a9e231c25..a6febadebc3 100644 --- a/2017/13xxx/CVE-2017-13496.json +++ b/2017/13xxx/CVE-2017-13496.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13496", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13496", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13587.json b/2017/13xxx/CVE-2017-13587.json index 18a1ae929ed..d8ed162c358 100644 --- a/2017/13xxx/CVE-2017-13587.json +++ b/2017/13xxx/CVE-2017-13587.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13587", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13587", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13691.json b/2017/13xxx/CVE-2017-13691.json index 7b80ecded48..c70b66e0e96 100644 --- a/2017/13xxx/CVE-2017-13691.json +++ b/2017/13xxx/CVE-2017-13691.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13691", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13691", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13761.json b/2017/13xxx/CVE-2017-13761.json index b6ef5da8dd2..1b557149106 100644 --- a/2017/13xxx/CVE-2017-13761.json +++ b/2017/13xxx/CVE-2017-13761.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2", - "refsource" : "CONFIRM", - "url" : "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2", + "refsource": "CONFIRM", + "url": "https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16246.json b/2017/16xxx/CVE-2017-16246.json index 53ca0bcaaa8..c062bdb0b86 100644 --- a/2017/16xxx/CVE-2017-16246.json +++ b/2017/16xxx/CVE-2017-16246.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16246", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16246", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16253.json b/2017/16xxx/CVE-2017-16253.json index 555903dd8eb..9aecf4bafdb 100644 --- a/2017/16xxx/CVE-2017-16253.json +++ b/2017/16xxx/CVE-2017-16253.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16299.json b/2017/16xxx/CVE-2017-16299.json index cef2a18cc20..c54d843853b 100644 --- a/2017/16xxx/CVE-2017-16299.json +++ b/2017/16xxx/CVE-2017-16299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16334.json b/2017/16xxx/CVE-2017-16334.json index 46b6462d56e..7277de90297 100644 --- a/2017/16xxx/CVE-2017-16334.json +++ b/2017/16xxx/CVE-2017-16334.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16334", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16334", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17221.json b/2017/17xxx/CVE-2017-17221.json index ee24044fa6a..3fe58ce5133 100644 --- a/2017/17xxx/CVE-2017-17221.json +++ b/2017/17xxx/CVE-2017-17221.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-17221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eSpace 7950; eSpace 8950", - "version" : { - "version_data" : [ - { - "version_value" : "eSpace 7950 V200R003C30" - }, - { - "version_value" : "eSpace 8950 V200R003C00" - }, - { - "version_value" : "V200R003C30" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-17221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eSpace 7950; eSpace 8950", + "version": { + "version_data": [ + { + "version_value": "eSpace 7950 V200R003C30" + }, + { + "version_value": "eSpace 8950 V200R003C00" + }, + { + "version_value": "V200R003C30" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17419.json b/2017/17xxx/CVE-2017-17419.json index fcbc56060d7..56ff54de1e2 100644 --- a/2017/17xxx/CVE-2017-17419.json +++ b/2017/17xxx/CVE-2017-17419.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-17419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quest NetVault Backup", - "version" : { - "version_data" : [ - { - "version_value" : "11.3.0.12" - } - ] - } - } - ] - }, - "vendor_name" : "Quest" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4230." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-17419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quest NetVault Backup", + "version": { + "version_data": [ + { + "version_value": "11.3.0.12" + } + ] + } + } + ] + }, + "vendor_name": "Quest" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-984", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4230." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-984", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-984" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4408.json b/2017/4xxx/CVE-2017-4408.json index 1902a7ccfd7..8278836bb65 100644 --- a/2017/4xxx/CVE-2017-4408.json +++ b/2017/4xxx/CVE-2017-4408.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4408", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4408", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18024.json b/2018/18xxx/CVE-2018-18024.json index c385ecc37b8..503220fbe6d 100644 --- a/2018/18xxx/CVE-2018-18024.json +++ b/2018/18xxx/CVE-2018-18024.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1337", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1337", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1337" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18500.json b/2018/18xxx/CVE-2018-18500.json index e6a7997a313..72b1649d454 100644 --- a/2018/18xxx/CVE-2018-18500.json +++ b/2018/18xxx/CVE-2018-18500.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-18500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-18500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190130 [SECURITY] [DLA 1648-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html" - }, - { - "name" : "[debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2019-01/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2019-01/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2019-02/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2019-02/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2019-03/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2019-03/" - }, - { - "name" : "DSA-4376", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4376" - }, - { - "name" : "DSA-4392", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4392" - }, - { - "name" : "GLSA-201903-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201903-04" - }, - { - "name" : "RHSA-2019:0218", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0218" - }, - { - "name" : "RHSA-2019:0219", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0219" - }, - { - "name" : "RHSA-2019:0269", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0269" - }, - { - "name" : "RHSA-2019:0270", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0270" - }, - { - "name" : "USN-3874-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3874-1/" - }, - { - "name" : "USN-3897-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3897-1/" - }, - { - "name" : "106781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0219", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0219" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2019-01/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-01/" + }, + { + "name": "USN-3897-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3897-1/" + }, + { + "name": "106781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106781" + }, + { + "name": "GLSA-201903-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201903-04" + }, + { + "name": "USN-3874-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3874-1/" + }, + { + "name": "RHSA-2019:0269", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0269" + }, + { + "name": "RHSA-2019:0218", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0218" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2019-02/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-02/" + }, + { + "name": "DSA-4376", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4376" + }, + { + "name": "[debian-lts-announce] 20190216 [SECURITY] [DLA 1678-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html" + }, + { + "name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1648-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2019-03/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2019-03/" + }, + { + "name": "DSA-4392", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4392" + }, + { + "name": "RHSA-2019:0270", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0270" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18568.json b/2018/18xxx/CVE-2018-18568.json index a9b16c531ba..aec8cf78f74 100644 --- a/2018/18xxx/CVE-2018-18568.json +++ b/2018/18xxx/CVE-2018-18568.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181023 [SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568", - "refsource" : "BUGTRAQ", - "url" : "https://seclists.org/bugtraq/2018/Oct/36" - }, - { - "name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt", - "refsource" : "MISC", - "url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt", + "refsource": "MISC", + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-027.txt" + }, + { + "name": "20181023 [SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568", + "refsource": "BUGTRAQ", + "url": "https://seclists.org/bugtraq/2018/Oct/36" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18848.json b/2018/18xxx/CVE-2018-18848.json index b54865d6729..e4b581d6589 100644 --- a/2018/18xxx/CVE-2018-18848.json +++ b/2018/18xxx/CVE-2018-18848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18848", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18848", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18857.json b/2018/18xxx/CVE-2018-18857.json index b7c27b88e59..afda04ed21e 100644 --- a/2018/18xxx/CVE-2018-18857.json +++ b/2018/18xxx/CVE-2018-18857.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the \"command_line\" parameter as a shell command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45782", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45782/" - }, - { - "name" : "20181102 Multiple Privilege Escalation Vulnerabilities in LiquidVPN for MacOS (CVE-2018-18856, CVE-2018-18857, CVE-2018-18858, CVE-2018-18859)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Nov/1" - }, - { - "name" : "http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the \"command_line\" parameter as a shell command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150137/LiquidVPN-For-macOS-1.3.7-Privilege-Escalation.html" + }, + { + "name": "45782", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45782/" + }, + { + "name": "20181102 Multiple Privilege Escalation Vulnerabilities in LiquidVPN for MacOS (CVE-2018-18856, CVE-2018-18857, CVE-2018-18858, CVE-2018-18859)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Nov/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1235.json b/2018/1xxx/CVE-2018-1235.json index afe5aef7e39..87641de58b1 100644 --- a/2018/1xxx/CVE-2018-1235.json +++ b/2018/1xxx/CVE-2018-1235.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-05-22T04:00:00.000Z", - "ID" : "CVE-2018-1235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell EMC RecoverPoint", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "5.1.2" - } - ] - } - }, - { - "product_name" : "Dell EMC RecoverPoint Virtual Machine (VM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "5.1.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Dell EMC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-05-22T04:00:00.000Z", + "ID": "CVE-2018-1235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell EMC RecoverPoint", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.1.2" + } + ] + } + }, + { + "product_name": "Dell EMC RecoverPoint Virtual Machine (VM)", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "5.1.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Dell EMC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44920", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44920/" - }, - { - "name" : "20180522 DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/61" - }, - { - "name" : "104246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180522 DSA-2018-095: Dell EMC RecoverPoint Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/61" + }, + { + "name": "44920", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44920/" + }, + { + "name": "104246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104246" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1308.json b/2018/1xxx/CVE-2018-1308.json index 26e025211b8..441bf4655ad 100644 --- a/2018/1xxx/CVE-2018-1308.json +++ b/2018/1xxx/CVE-2018-1308.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-04-08T00:00:00", - "ID" : "CVE-2018-1308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Solr", - "version" : { - "version_data" : [ - { - "version_value" : "1.2 to 6.6.2" - }, - { - "version_value" : "7.0.0 to 7.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-04-08T00:00:00", + "ID": "CVE-2018-1308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Solr", + "version": { + "version_data": [ + { + "version_value": "1.2 to 6.6.2" + }, + { + "version_value": "7.0.0 to 7.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[www-announce] 20180408 [SECURITY] CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter", - "refsource" : "MLIST", - "url" : "https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E" - }, - { - "name" : "[debian-lts-announce] 20180424 [SECURITY] [DLA 1360-1] lucene-solr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/SOLR-11971", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/SOLR-11971" - }, - { - "name" : "DSA-4194", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4194", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4194" + }, + { + "name": "[debian-lts-announce] 20180424 [SECURITY] [DLA 1360-1] lucene-solr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html" + }, + { + "name": "[www-announce] 20180408 [SECURITY] CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter", + "refsource": "MLIST", + "url": "https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E" + }, + { + "name": "https://issues.apache.org/jira/browse/SOLR-11971", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/SOLR-11971" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1460.json b/2018/1xxx/CVE-2018-1460.json index 9178fc26179..fa9e6a769e7 100644 --- a/2018/1xxx/CVE-2018-1460.json +++ b/2018/1xxx/CVE-2018-1460.json @@ -1,98 +1,98 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-14T00:00:00", - "ID" : "CVE-2018-1460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PureData System for Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "H", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "H", - "PR" : "N", - "S" : "U", - "SCORE" : "8.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-14T00:00:00", + "ID": "CVE-2018-1460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PureData System for Analytics", + "version": { + "version_data": [ + { + "version_value": "1.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-13", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-13" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015701", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015701" - }, - { - "name" : "104486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104486" - }, - { - "name" : "ibm-netezza-cve20181460-priv-escalation(140211)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140211" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "H", + "AC": "L", + "AV": "L", + "C": "H", + "I": "H", + "PR": "N", + "S": "U", + "SCORE": "8.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-netezza-cve20181460-priv-escalation(140211)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140211" + }, + { + "name": "https://www.tenable.com/security/research/tra-2018-13", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-13" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22015701", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22015701" + }, + { + "name": "104486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104486" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1748.json b/2018/1xxx/CVE-2018-1748.json index 253d6a63fa8..2c56162b757 100644 --- a/2018/1xxx/CVE-2018-1748.json +++ b/2018/1xxx/CVE-2018-1748.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1748", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-1748", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5505.json b/2018/5xxx/CVE-2018-5505.json index 89681df3bfc..1fe8c604f93 100644 --- a/2018/5xxx/CVE-2018-5505.json +++ b/2018/5xxx/CVE-2018-5505.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-03-21T00:00:00", - "ID" : "CVE-2018-5505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (ASM and Analytics)", - "version" : { - "version_data" : [ - { - "version_value" : "13.1.0 - 13.1.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-03-21T00:00:00", + "ID": "CVE-2018-5505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (ASM and Analytics)", + "version": { + "version_data": [ + { + "version_value": "13.1.0 - 13.1.0.3" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K23520761", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K23520761" - }, - { - "name" : "103505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103505" - }, - { - "name" : "1040559", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K23520761", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K23520761" + }, + { + "name": "103505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103505" + }, + { + "name": "1040559", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040559" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5680.json b/2018/5xxx/CVE-2018-5680.json index a1f71a0d932..457613217f6 100644 --- a/2018/5xxx/CVE-2018-5680.json +++ b/2018/5xxx/CVE-2018-5680.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5679." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://srcincite.io/advisories/src-2018-0016/", - "refsource" : "MISC", - "url" : "https://srcincite.io/advisories/src-2018-0016/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "104300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5679." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://srcincite.io/advisories/src-2018-0016/", + "refsource": "MISC", + "url": "https://srcincite.io/advisories/src-2018-0016/" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "104300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104300" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5930.json b/2018/5xxx/CVE-2018-5930.json index 585c3a92ef5..59c7a12748d 100644 --- a/2018/5xxx/CVE-2018-5930.json +++ b/2018/5xxx/CVE-2018-5930.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5930", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5930", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file