diff --git a/2001/0xxx/CVE-2001-0198.json b/2001/0xxx/CVE-2001-0198.json index a97dee4162d..6079e7fd827 100644 --- a/2001/0xxx/CVE-2001-0198.json +++ b/2001/0xxx/CVE-2001-0198.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010131 [SPSadvisory#41]Apple Quick Time Plug-in Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98096678523370&w=2" - }, - { - "name" : "20605", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20605" - }, - { - "name" : "quicktime-embedded-tag-bo(6040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6040" - }, - { - "name" : "2328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote 
attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quicktime-embedded-tag-bo(6040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6040" + }, + { + "name": "2328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2328" + }, + { + "name": "20605", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20605" + }, + { + "name": "20010131 [SPSadvisory#41]Apple Quick Time Plug-in Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98096678523370&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0275.json b/2001/0xxx/CVE-2001-0275.json index 68459601d82..51072411077 100644 --- a/2001/0xxx/CVE-2001-0275.json +++ b/2001/0xxx/CVE-2001-0275.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010219 NetSuite 1.02 web server vulnerabilty", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0346.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010219 NetSuite 1.02 web server vulnerabilty", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0346.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0456.json b/2001/0xxx/CVE-2001-0456.json index 3cb50ce86d4..bf48da6780e 100644 --- a/2001/0xxx/CVE-2001-0456.json +++ b/2001/0xxx/CVE-2001-0456.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "postinst installation script for Proftpd in Debian 2.2 does not properly change the \"run as uid/gid root\" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-032", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-032" - }, - { - "name" : "proftpd-postinst-root(6208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "postinst installation script for Proftpd in Debian 2.2 does not properly change the \"run as uid/gid root\" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-032", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-032" + }, + { + "name": "proftpd-postinst-root(6208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6208" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0762.json b/2001/0xxx/CVE-2001-0762.json index 2dc92f91a3d..054c5a29d97 100644 --- a/2001/0xxx/CVE-2001-0762.json +++ b/2001/0xxx/CVE-2001-0762.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010602 su-wrapper 1.1.1 Local root exploit.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0057.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010602 su-wrapper 1.1.1 Local root exploit.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0057.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2001/0xxx/CVE-2001-0981.json b/2001/0xxx/CVE-2001-0981.json index dd419dc0a6e..969c29a15ee 100644 --- a/2001/0xxx/CVE-2001-0981.json +++ b/2001/0xxx/CVE-2001-0981.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the \"unix password sync\" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0108-164", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q3/0048.html" - }, - { - "name" : "hp-cifs-change-passwords(7051)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the \"unix password sync\" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a 
different user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-cifs-change-passwords(7051)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7051" + }, + { + "name": "HPSBUX0108-164", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q3/0048.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1360.json b/2001/1xxx/CVE-2001-1360.json index a5146b095c9..516d8e74959 100644 --- a/2001/1xxx/CVE-2001-1360.json +++ b/2001/1xxx/CVE-2001-1360.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.mostang.com/pub/sane/sane-1.0.8/sane-backends-1.0.8.tar.gz", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.mostang.com/pub/sane/sane-1.0.8/sane-backends-1.0.8.tar.gz" - }, - { - "name" : "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.mostang.com/pub/sane/sane-1.0.8/sane-backends-1.0.8.tar.gz", + "refsource": "CONFIRM", + "url": "ftp://ftp.mostang.com/pub/sane/sane-1.0.8/sane-backends-1.0.8.tar.gz" + }, + { + "name": "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1256.json b/2008/1xxx/CVE-2008-1256.json index ae59f9f3cfa..b87393cd260 100644 --- a/2008/1xxx/CVE-2008-1256.json +++ b/2008/1xxx/CVE-2008-1256.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZyXEL P-660HW series router has \"admin\" as its default password, which allows remote attackers to gain administrative access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080301 The Router Hacking Challenge is Over!", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" - }, - { - "name" : "zyxel-p660hw-default-password(41108)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZyXEL P-660HW series router has \"admin\" as its default password, which allows remote attackers to gain administrative access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080301 The Router Hacking Challenge is Over!", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded" + }, + { + "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/" + }, + { + "name": "zyxel-p660hw-default-password(41108)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41108" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1357.json b/2008/1xxx/CVE-2008-1357.json index ab71e2adb33..6c9b486e3c3 100644 --- a/2008/1xxx/CVE-2008-1357.json +++ b/2008/1xxx/CVE-2008-1357.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080312 Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489476/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/meccaffi-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/meccaffi-adv.txt" - }, - { - "name" : "https://knowledge.mcafee.com/article/234/615103_f.sal_public.html", - "refsource" : "CONFIRM", - "url" : 
"https://knowledge.mcafee.com/article/234/615103_f.sal_public.html" - }, - { - "name" : "28228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28228" - }, - { - "name" : "ADV-2008-0866", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0866/references" - }, - { - "name" : "1019609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019609" - }, - { - "name" : "29337", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29337" - }, - { - "name" : "3748", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3748" - }, - { - "name" : "mcafee-framework-format-string(41178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3748", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3748" + }, + { + "name": "https://knowledge.mcafee.com/article/234/615103_f.sal_public.html", + "refsource": "CONFIRM", + "url": "https://knowledge.mcafee.com/article/234/615103_f.sal_public.html" + }, + { + "name": "mcafee-framework-format-string(41178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41178" + }, + { + "name": "1019609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019609" + }, + { + "name": "29337", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29337" + }, + { + "name": "28228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28228" + }, + { + "name": "http://aluigi.altervista.org/adv/meccaffi-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/meccaffi-adv.txt" + }, + { + "name": "ADV-2008-0866", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0866/references" + }, + { + "name": "20080312 Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489476/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1695.json b/2008/1xxx/CVE-2008-1695.json index 9eba4b78a24..ed64f61078c 100644 --- a/2008/1xxx/CVE-2008-1695.json +++ b/2008/1xxx/CVE-2008-1695.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1695", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1695", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5123.json b/2008/5xxx/CVE-2008-5123.json index 72545d36f03..5b5ab4eb3f1 100644 --- a/2008/5xxx/CVE-2008-5123.json +++ b/2008/5xxx/CVE-2008-5123.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5888", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5888" - }, - { - "name" : "29876", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29876" - }, - { - "name" : "30796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30796" - }, - { - "name" : "4604", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4604" - }, - { - "name" : "ccleaguepro-admin-sql-injection(43280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin.php in 
CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29876", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29876" + }, + { + "name": "5888", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5888" + }, + { + "name": "4604", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4604" + }, + { + "name": "ccleaguepro-admin-sql-injection(43280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43280" + }, + { + "name": "30796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30796" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5235.json b/2008/5xxx/CVE-2008-5235.json index 3c0938729fd..a3cecdfc4d8 100644 --- a/2008/5xxx/CVE-2008-5235.json +++ b/2008/5xxx/CVE-2008-5235.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=619869", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=619869" - }, - { - "name" : "SUSE-SR:2009:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" - }, - { - "name" : "30698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30698" - }, - { - "name" : "ADV-2008-2382", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2382" - }, - { - "name" : "1020703", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020703" - 
}, - { - "name" : "31502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020703", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020703" + }, + { + "name": "SUSE-SR:2009:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" + }, + { + "name": "31502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31502" + }, + { + "name": "ADV-2008-2382", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2382" + }, + { + "name": "30698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30698" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=619869", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=619869" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5863.json b/2008/5xxx/CVE-2008-5863.json index f2ae7a35496..24973bbcba1 100644 --- a/2008/5xxx/CVE-2008-5863.json +++ b/2008/5xxx/CVE-2008-5863.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7530", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7530" - }, - { - "name" : "32960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32960" - }, - { - "name" : "4874", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4874" - }, - { - "name" : "userlocator-wbb-locator-sql-injection(47887)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab 
Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4874", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4874" + }, + { + "name": "7530", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7530" + }, + { + "name": "userlocator-wbb-locator-sql-injection(47887)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47887" + }, + { + "name": "32960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32960" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5993.json b/2008/5xxx/CVE-2008-5993.json index 3747fb0ff99..e1354f93896 100644 --- a/2008/5xxx/CVE-2008-5993.json +++ b/2008/5xxx/CVE-2008-5993.json 
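Review bot: The rewritten `problemtype` entry in CVE-2008-5863.json still carries `"value": "n/a"`, and `product_name`, `version_value` and `vendor_name` are `n/a` too, while the `description` string in the same record names the weakness class, the module and its version. Anything that matches on the structured fields (weakness filters, affected-product lookups) will skip this record, so consumers have to fall back to parsing the free text. Since every line of the file is rewritten anyway, the problem type could be filled from the description, e.g. `"value": "CWE-89"` for this SQL injection; vendor and product values would have to come from the record's maintainers rather than be guessed. The same placeholders appear in the other hunks of this chunk.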
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6558", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6558" - }, - { - "name" : "barcodegenerator-image-file-include(45406)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6558", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6558" + }, + { + "name": "barcodegenerator-image-file-include(45406)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45406" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2152.json b/2011/2xxx/CVE-2011-2152.json index 15e6c69bebc..251347e6e1c 100644 --- a/2011/2xxx/CVE-2011-2152.json +++ b/2011/2xxx/CVE-2011-2152.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a \"cross-domain Referer leakage\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MORO-8GYQR4" - }, - { - "name" : "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html" - }, - { - "name" : "VU#240150", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/240150" - }, - { - 
"name" : "smarterstats-external-links-info-disc(67830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a \"cross-domain Referer leakage\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html" + }, + { + "name": "smarterstats-external-links-info-disc(67830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67830" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4" + }, + { + "name": "VU#240150", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/240150" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2639.json b/2011/2xxx/CVE-2011-2639.json index 25afc5cb0d2..3ac2724a77d 100644 --- a/2011/2xxx/CVE-2011-2639.json +++ b/2011/2xxx/CVE-2011-2639.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1110/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1110/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1110/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote 
attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1110/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1110/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1110/" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0074.json b/2013/0xxx/CVE-2013-0074.json index 331de64e6f5..dca326492c3 100644 --- a/2013/0xxx/CVE-2013-0074.json +++ b/2013/0xxx/CVE-2013-0074.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka \"Silverlight Double Dereference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-022", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-022" - }, - { - "name" : "TA13-071A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" - }, - { - "name" : "oval:org.mitre.oval:def:16516", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16516" - }, - { - "name" : "oval:org.mitre.oval:def:16565", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16565" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka \"Silverlight Double Dereference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16565", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16565" + }, + { + "name": "oval:org.mitre.oval:def:16516", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16516" + }, + { + "name": "TA13-071A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-071A" + }, + { + "name": "MS13-022", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-022" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0181.json b/2013/0xxx/CVE-2013-0181.json index 475bf99ef4f..c4290a3eb92 100644 --- a/2013/0xxx/CVE-2013-0181.json +++ b/2013/0xxx/CVE-2013-0181.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/01/15/3" - }, - { - "name" : "https://drupal.org/node/1884332", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1884332" - }, - { - "name" : "http://drupalcode.org/project/search_api.git/commitdiff/35b5728", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/search_api.git/commitdiff/35b5728" - }, - { - "name" : "https://drupal.org/node/1884076", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1884076" - }, - { - "name" : "57231", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57231" - }, - { - "name" : "89117", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89117" - }, - { - "name" : "51806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51806" - }, - { - "name" : "drupal-searchapi-unspecified-xss(81153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "89117", + "refsource": "OSVDB", + "url": "http://osvdb.org/89117" + }, + { + "name": "http://drupalcode.org/project/search_api.git/commitdiff/35b5728", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/search_api.git/commitdiff/35b5728" + }, + { + "name": "51806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51806" + }, + { + "name": "[oss-security] 20130114 Re: CVE request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/01/15/3" + }, + { + "name": "https://drupal.org/node/1884076", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1884076" + }, + { + "name": "57231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57231" + }, + { + "name": "drupal-searchapi-unspecified-xss(81153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81153" + }, + 
{ + "name": "https://drupal.org/node/1884332", + "refsource": "MISC", + "url": "https://drupal.org/node/1884332" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0377.json b/2013/0xxx/CVE-2013-0377.json index fc659f60e4b..cbaac4cf58c 100644 --- a/2013/0xxx/CVE-2013-0377.json +++ b/2013/0xxx/CVE-2013-0377.json 
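Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` near the top of this hunk for CVE-2013-0181.json, a data change sitting inside what otherwise looks like a whitespace and ordering rewrite. The same field also changes in CVE-2013-0074.json (`secure@microsoft.com`), CVE-2013-0377.json (`secalert_us@oracle.com`), CVE-2013-0485.json and CVE-2013-0548.json (`psirt@us.ibm.com`) and CVE-2013-0830.json (`security@google.com`), while the 2008 and 2011 records in this chunk keep the MITRE address. Pipelines that attribute a record to its CNA by this field will see ownership move, so I would put the reassignment in its own commit, or at least state it in the commit message, so it can be audited apart from the reformatting.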
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect 
integrity via unknown vectors related to Client System Analyzer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0485.json b/2013/0xxx/CVE-2013-0485.json index 27423910ba0..a347fefbd55 100644 --- a/2013/0xxx/CVE-2013-0485.json +++ b/2013/0xxx/CVE-2013-0485.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=950072", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=950072" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/aix/142_64/fixes.html#SR13FP16", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/aix/142_64/fixes.html#SR13FP16" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP1", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP1" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.html#SR13FP1", - "refsource" : "CONFIRM", - "url" : 
"http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.html#SR13FP1" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR4FP1", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR4FP1" - }, - { - "name" : "SUSE-SU-2013:0701", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP1", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP1" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR4FP1", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR4FP1" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.html#SR13FP1", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.html#SR13FP1" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/aix/142_64/fixes.html#SR13FP16", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/aix/142_64/fixes.html#SR13FP16" + }, + { + "name": "SUSE-SU-2013:0701", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=950072", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=950072" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0548.json b/2013/0xxx/CVE-2013-0548.json index 6eec48c2102..2a9f8283334 100644 --- a/2013/0xxx/CVE-2013-0548.json +++ b/2013/0xxx/CVE-2013-0548.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635080", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635080" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640752", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640752" - }, - { - "name" : "IV27192", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192" - }, - { - "name" : 
"IV30187", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187" - }, - { - "name" : "IV40115", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115" - }, - { - "name" : "IV40116", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116" - }, - { - "name" : "itm-cve20130548-xss(82767)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV40115", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40115" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21635080", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635080" + }, + { + "name": "IV30187", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30187" + }, + { + "name": "IV27192", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27192" + }, + { + "name": "IV40116", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40116" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640752", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640752" + }, + { + "name": "itm-cve20130548-xss(82767)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82767" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0830.json b/2013/0xxx/CVE-2013-0830.json index 46912aa54de..db60d0afc7c 100644 --- a/2013/0xxx/CVE-2013-0830.json +++ b/2013/0xxx/CVE-2013-0830.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=162066", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=162066" - }, - { - "name" : "openSUSE-SU-2013:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:15907", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15907" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15907", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15907" + }, + { + "name": "openSUSE-SU-2013:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=162066", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=162066" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1222.json b/2013/1xxx/CVE-2013-1222.json index f79bb181c3d..f180c14403d 100644 --- a/2013/1xxx/CVE-2013-1222.json +++ b/2013/1xxx/CVE-2013-1222.json 
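Review bot: The new side of CVE-2013-0830.json ends with `\ No newline at end of file`, so the rewritten record loses its trailing newline; writing a final newline after the closing `}` would keep later diffs of this record clean. The only data change in this hunk is `"ASSIGNER"` moving from `cve@mitre.org` to `security@google.com`, and it sits inside a whole-file whitespace rewrite that also reorders `reference_data`, so the provenance change is easy to miss in review. The four reference entries themselves look unchanged; only their order differs. The same pattern (ASSIGNER reassigned to a CNA address amid reformatting, no final newline) repeats in the CVE-2013-1222, -1535, -1984, -3277, -3485, -4459 and -4520 hunks below, while CVE-2013-1621 keeps `cve@mitre.org`. Tooling that tracks these records should compare parsed content rather than raw bytes or array order, so that an ASSIGNER change is reported on its own.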
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130508 Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) 
HTTP or (2) HTTPS request, aka Bug ID CSCub38379." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130508 Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1535.json b/2013/1xxx/CVE-2013-1535.json index 0e18e1bbfa2..33da28f78a0 100644 --- a/2013/1xxx/CVE-2013-1535.json +++ b/2013/1xxx/CVE-2013-1535.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows remote attackers to affect confidentiality via vectors related to BASE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows 
remote attackers to affect confidentiality via vectors related to BASE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1621.json b/2013/1xxx/CVE-2013-1621.json index edd0cfc72a4..671333d8054 100644 --- a/2013/1xxx/CVE-2013-1621.json +++ b/2013/1xxx/CVE-2013-1621.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/02/05/24" - }, - { - "name" : "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", - "refsource" : "MISC", - "url" : "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" - }, - { - "name" : "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", - "refsource" : "CONFIRM", - "url" : "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" - }, - { - "name" : "DSA-2622", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2622" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", + "refsource": "MISC", + "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" + }, + { + "name": "DSA-2622", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2622" + }, + { + "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/02/05/24" + }, + { + "name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", + "refsource": "CONFIRM", + "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1984.json b/2013/1xxx/CVE-2013-1984.json index ea083049ce9..aba5b6ffc8c 100644 --- a/2013/1xxx/CVE-2013-1984.json +++ b/2013/1xxx/CVE-2013-1984.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3" - }, - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" - }, - { - "name" : "DSA-2683", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2683" - }, - { - 
"name" : "FEDORA-2013-9046", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html" - }, - { - "name" : "openSUSE-SU-2013:1033", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html" - }, - { - "name" : "USN-1859-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1859-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1859-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1859-1" + }, + { + "name": "FEDORA-2013-9046", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html" + }, + { + "name": "openSUSE-SU-2013:1033", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html" + }, + { + "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" + }, + { + "name": "DSA-2683", + 
"refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2683" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3277.json b/2013/3xxx/CVE-2013-3277.json index f37ab92ced9..92a7c44a774 100644 --- a/2013/3xxx/CVE-2013-3277.json +++ b/2013/3xxx/CVE-2013-3277.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2013-3277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130903 ESA-2013-057: RSA Archer GRC Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130903 ESA-2013-057: RSA Archer GRC Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0013.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3485.json b/2013/3xxx/CVE-2013-3485.json index bd970694073..a0ce0879d88 100644 --- a/2013/3xxx/CVE-2013-3485.json +++ b/2013/3xxx/CVE-2013-3485.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.10520 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) api-ms-win-core-localregistry-l1-1-0.dll file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-3485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "53207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.10520 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) api-ms-win-core-localregistry-l1-1-0.dll file in the current working directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53207" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4459.json b/2013/4xxx/CVE-2013-4459.json index 8b2b8ed7836..3ddf755ad7e 100644 --- a/2013/4xxx/CVE-2013-4459.json +++ b/2013/4xxx/CVE-2013-4459.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[LightDM] 20131030 lightdm 1.9.2 released", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/lightdm/2013-October/000471.html" - }, - { - "name" : "[LightDM] 20131031 lightdm 1.8.4 released", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/lightdm/2013-October/000472.html" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/1243339", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/1243339" - }, - { - "name" : "USN-2012-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2012-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2012-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2012-1" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/1243339", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/1243339" + }, + { + "name": "[LightDM] 20131030 lightdm 1.9.2 released", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/lightdm/2013-October/000471.html" + }, + { + "name": "[LightDM] 20131031 lightdm 1.8.4 released", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/lightdm/2013-October/000472.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4520.json b/2013/4xxx/CVE-2013-4520.json index 342ed1cb860..63047b4636f 100644 --- a/2013/4xxx/CVE-2013-4520.json +++ b/2013/4xxx/CVE-2013-4520.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/238" - }, - { - "name" : "[oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q4/239" - }, - { - "name" : "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa", - "refsource" : "MISC", - "url" : "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=849019", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=849019" - }, - { - "name" : "SUSE-SU-2013:1654", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" - }, - { - "name" : "SUSE-SU-2013:1656", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" - }, - { - "name" : "99671", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/99671" - }, - { - "name" : "56072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/239" + }, + { + "name": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa", + "refsource": "MISC", + "url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa" + }, + { + "name": "SUSE-SU-2013:1654", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html" + }, + { + "name": "SUSE-SU-2013:1656", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html" + }, + { + "name": "56072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56072" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=849019", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=849019" + }, + { + "name": "99671", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/99671" + }, + { + "name": "[oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q4/238" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4587.json b/2013/4xxx/CVE-2013-4587.json index b6e4a171b2d..741db5da9bd 100644 --- a/2013/4xxx/CVE-2013-4587.json +++ b/2013/4xxx/CVE-2013-4587.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131212 Re: [vs-plain] kvm issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/12/12/12" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338c7dbadd2671189cec7faf64c84d01071b3f96", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338c7dbadd2671189cec7faf64c84d01071b3f96" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1030986", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1030986" - }, - { - "name" : "https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96", - 
"refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54" - }, - { - "name" : "openSUSE-SU-2014:0205", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html" - }, - { - "name" : "openSUSE-SU-2014:0247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html" - }, - { - "name" : "openSUSE-SU-2014:0204", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" - }, - { - "name" : "USN-2113-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2113-1" - }, - { - "name" : "USN-2117-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2117-1" - }, - { - "name" : "USN-2109-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2109-1" - }, - { - "name" : "USN-2110-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2110-1" - }, - { - "name" : "USN-2128-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2128-1" - }, - { - "name" : "USN-2129-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2129-1" - }, - { - "name" : "USN-2135-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2135-1" - }, - { - "name" : "USN-2136-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2136-1" - }, - { - "name" : "USN-2138-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2138-1" - }, - { - "name" : "USN-2139-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2139-1" - }, - { - "name" : "USN-2141-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2141-1" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2135-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2135-1" + }, + { + "name": "openSUSE-SU-2014:0247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html" + }, + { + "name": "USN-2138-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2138-1" + }, + { + "name": "USN-2113-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2113-1" + }, + { + "name": "USN-2141-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2141-1" + }, + { + "name": "[oss-security] 20131212 Re: [vs-plain] kvm issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/12/12/12" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54" + }, + { + "name": "USN-2110-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2110-1" + }, + { + "name": "USN-2129-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2129-1" + }, + { + "name": "USN-2136-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2136-1" + }, + { + "name": "USN-2128-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2128-1" + }, + { + "name": "USN-2139-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2139-1" + }, + { + "name": "USN-2117-1", + 
"refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2117-1" + }, + { + "name": "USN-2109-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2109-1" + }, + { + "name": "openSUSE-SU-2014:0204", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1030986", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030986" + }, + { + "name": "openSUSE-SU-2014:0205", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338c7dbadd2671189cec7faf64c84d01071b3f96", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338c7dbadd2671189cec7faf64c84d01071b3f96" + }, + { + "name": "https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12200.json b/2017/12xxx/CVE-2017-12200.json index 26df9a59642..b674089dd37 100644 --- a/2017/12xxx/CVE-2017-12200.json +++ b/2017/12xxx/CVE-2017-12200.json 
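Review bot: The `ASSIGNER` field in `CVE_data_meta` for CVE-2013-4587 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk. It is the only value that changes here; everything else is spacing around `:`, re-indentation and a reordering of the `reference_data` entries. Because that field records which CNA the record is attributed to, it is easy to miss in a 152-line rewrite and would be easier to audit in a commit separate from the formatting pass. The new side also ends with `\ No newline at end of file`, as do the other complete records visible in this diff, while the old side ended with a newline. Keeping the final newline would stop that marker from appearing on later edits.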
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kevins1022/cve/blob/master/wordpress-product-catalog.md", - "refsource" : "MISC", - "url" : "https://github.com/kevins1022/cve/blob/master/wordpress-product-catalog.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kevins1022/cve/blob/master/wordpress-product-catalog.md", + "refsource": "MISC", + "url": "https://github.com/kevins1022/cve/blob/master/wordpress-product-catalog.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12415.json b/2017/12xxx/CVE-2017-12415.json index 7e637bc5c93..b4ab28b76f8 100644 --- a/2017/12xxx/CVE-2017-12415.json +++ b/2017/12xxx/CVE-2017-12415.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.oxid-esales.com/view.php?id=6674", - "refsource" : "CONFIRM", - "url" : "https://bugs.oxid-esales.com/view.php?id=6674" - }, - { - "name" : "https://oxidforge.org/en/security-bulletin-2017-001.html", - "refsource" : "CONFIRM", - "url" : "https://oxidforge.org/en/security-bulletin-2017-001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.oxid-esales.com/view.php?id=6674", + "refsource": "CONFIRM", + "url": "https://bugs.oxid-esales.com/view.php?id=6674" + }, + { + "name": "https://oxidforge.org/en/security-bulletin-2017-001.html", + "refsource": "CONFIRM", + "url": "https://oxidforge.org/en/security-bulletin-2017-001.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12817.json b/2017/12xxx/CVE-2017-12817.json index 0e34e341844..88a407d7abb 100644 --- a/2017/12xxx/CVE-2017-12817.json +++ b/2017/12xxx/CVE-2017-12817.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "ID" : "CVE-2017-12817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622", - "version" : { - "version_data" : [ - { - "version_value" : "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect encryption" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "ID": "CVE-2017-12817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622", + "version": { + "version_data": [ + { + "version_value": "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817", - "refsource" : "CONFIRM", - "url" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817" - }, - { - "name" : "100504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Kaspersky Internet Security for Android 
11.12.4.1622, some of the application trace files were not encrypted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect encryption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817", + "refsource": "CONFIRM", + "url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817" + }, + { + "name": "100504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100504" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13566.json b/2017/13xxx/CVE-2017-13566.json index 1a49136e2a4..0886c1ff235 100644 --- a/2017/13xxx/CVE-2017-13566.json +++ b/2017/13xxx/CVE-2017-13566.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13566", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13566", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13754.json b/2017/13xxx/CVE-2017-13754.json index 8cda3334e90..b5ecd416240 100644 --- a/2017/13xxx/CVE-2017-13754.json 
+++ b/2017/13xxx/CVE-2017-13754.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"advanced settings - time server\" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the \"server name\" field in actions/ChangeConfiguration.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170904 Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541119/100/0/threaded" - }, - { - "name" : "42610", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42610/" - }, - { - "name" : "20170904 Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Sep/1" - }, - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=2074", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=2074" - }, - { - "name" : 
"https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02" - }, - { - "name" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133", - "refsource" : "CONFIRM", - "url" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133" - }, - { - "name" : "104433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the \"advanced settings - time server\" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the \"server name\" field in actions/ChangeConfiguration.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=2074", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=2074" + }, + { + "name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133", + "refsource": "CONFIRM", + "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133" + }, + { + "name": "20170904 Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541119/100/0/threaded" + }, + { + "name": "20170904 Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Sep/1" + }, + { + "name": "104433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104433" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02", + 
"refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02" + }, + { + "name": "42610", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42610/" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13875.json b/2017/13xxx/CVE-2017-13875.json index baf509591cc..e41de6180ed 100644 --- a/2017/13xxx/CVE-2017-13875.json +++ b/2017/13xxx/CVE-2017-13875.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-13875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-13875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43327", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43327/" - }, - { - "name" : "https://support.apple.com/HT208331", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208331" - }, - { - "name" : "102099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102099" - }, - { - "name" : "1039966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208331", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208331" + }, + { + "name": "1039966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039966" + }, + { + "name": "102099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102099" + }, + { + "name": "43327", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43327/" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13937.json b/2017/13xxx/CVE-2017-13937.json index aab2d9b176d..fd76a4b2c83 100644 --- a/2017/13xxx/CVE-2017-13937.json +++ b/2017/13xxx/CVE-2017-13937.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13945.json b/2017/13xxx/CVE-2017-13945.json index 6a53c8d22fc..96b7ceacdda 100644 --- a/2017/13xxx/CVE-2017-13945.json +++ b/2017/13xxx/CVE-2017-13945.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16079.json b/2017/16xxx/CVE-2017-16079.json index 396af30fa64..77fe5c7c45a 100644 --- a/2017/16xxx/CVE-2017-16079.json +++ b/2017/16xxx/CVE-2017-16079.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "smb node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "smb node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/518", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/518", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/518" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16129.json b/2017/16xxx/CVE-2017-16129.json index e9b63b92adb..e913b513c23 100644 --- a/2017/16xxx/CVE-2017-16129.json +++ b/2017/16xxx/CVE-2017-16129.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "superagent node module", - "version" : { - "version_data" : [ - { - "version_value" : "<3.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "superagent node module", + "version": { + "version_data": [ + { + "version_value": "<3.7.0" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/visionmedia/superagent/issues/1259", - "refsource" : "MISC", - "url" : "https://github.com/visionmedia/superagent/issues/1259" - }, - { - "name" : "https://nodesecurity.io/advisories/479", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/479" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Handling of Highly Compressed Data (Data Amplification) (CWE-409)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/479", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/479" + }, + { + "name": "https://github.com/visionmedia/superagent/issues/1259", + "refsource": "MISC", + "url": "https://github.com/visionmedia/superagent/issues/1259" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16437.json b/2017/16xxx/CVE-2017-16437.json index cbe31a52f73..459d22c931c 100644 --- a/2017/16xxx/CVE-2017-16437.json +++ b/2017/16xxx/CVE-2017-16437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16437", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16437", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16470.json b/2017/16xxx/CVE-2017-16470.json index c77abb94b08..c0d9022c620 100644 --- a/2017/16xxx/CVE-2017-16470.json +++ b/2017/16xxx/CVE-2017-16470.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-16470",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-16470",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/16xxx/CVE-2017-16585.json b/2017/16xxx/CVE-2017-16585.json
index 43e09b2f23e..ffd41b02e4f 100644
--- a/2017/16xxx/CVE-2017-16585.json
+++ b/2017/16xxx/CVE-2017-16585.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-16585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.2.25013" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-16585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.2.25013" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-896", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-896" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-896", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-896" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17098.json b/2017/17xxx/CVE-2017-17098.json index 0844c7fcb66..369d9f59b7b 100644 --- a/2017/17xxx/CVE-2017-17098.json +++ b/2017/17xxx/CVE-2017-17098.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43431", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43431/" - }, - { - "name" : "https://gist.github.com/pak0s/ea7a80c2614d9cd43cfb8230c65c9fec", - "refsource" : "MISC", - "url" : "https://gist.github.com/pak0s/ea7a80c2614d9cd43cfb8230c65c9fec" - }, - { - "name" : "https://s1.gps-server.net/changelog.txt", - "refsource" : "MISC", - "url" : "https://s1.gps-server.net/changelog.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The writeLog function in fn_common.php in gps-server.net GPS Tracking 
Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/pak0s/ea7a80c2614d9cd43cfb8230c65c9fec", + "refsource": "MISC", + "url": "https://gist.github.com/pak0s/ea7a80c2614d9cd43cfb8230c65c9fec" + }, + { + "name": "43431", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43431/" + }, + { + "name": "https://s1.gps-server.net/changelog.txt", + "refsource": "MISC", + "url": "https://s1.gps-server.net/changelog.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17416.json b/2017/17xxx/CVE-2017-17416.json index 8d3accd831b..db37292487f 100644 --- a/2017/17xxx/CVE-2017-17416.json +++ b/2017/17xxx/CVE-2017-17416.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-17416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quest NetVault Backup", - "version" : { - "version_data" : [ - { - "version_value" : "11.3.0.12" - } - ] - } - } - ] - }, - "vendor_name" : "Quest" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4227." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-17416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quest NetVault Backup", + "version": { + "version_data": [ + { + "version_value": "11.3.0.12" + } + ] + } + } + ] + }, + "vendor_name": "Quest" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-981", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4227." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-981", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-981" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/17xxx/CVE-2017-17572.json b/2017/17xxx/CVE-2017-17572.json
index 45c36e4cdec..a65337b4897 100644
--- a/2017/17xxx/CVE-2017-17572.json
+++ b/2017/17xxx/CVE-2017-17572.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43259", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43259/" - }, - { - "name" : "https://packetstormsecurity.com/files/145303/FS-Amazon-Clone-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145303/FS-Amazon-Clone-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43259", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43259/" + }, + { + "name": "https://packetstormsecurity.com/files/145303/FS-Amazon-Clone-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145303/FS-Amazon-Clone-1.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4419.json b/2017/4xxx/CVE-2017-4419.json index 632cf6a9156..f3be1dd3f8d 100644 --- a/2017/4xxx/CVE-2017-4419.json +++ b/2017/4xxx/CVE-2017-4419.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4419", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4419", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18485.json b/2018/18xxx/CVE-2018-18485.json index b5ff507ecba..e2082a0e7fa 100644 --- a/2018/18xxx/CVE-2018-18485.json +++ b/2018/18xxx/CVE-2018-18485.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitee.com/koyshe/phpshe/issues/INOG4", - "refsource" : "MISC", - "url" : "https://gitee.com/koyshe/phpshe/issues/INOG4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitee.com/koyshe/phpshe/issues/INOG4", + "refsource": "MISC", + "url": "https://gitee.com/koyshe/phpshe/issues/INOG4" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18982.json b/2018/18xxx/CVE-2018-18982.json index b612577e466..5500257d41d 100644 --- a/2018/18xxx/CVE-2018-18982.json +++ b/2018/18xxx/CVE-2018-18982.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-18982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NUUO CMS", - "version" : { - "version_data" : [ - { - "version_value" : "All versions 3.3 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-18982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NUUO CMS", + "version": { + "version_data": [ + { + "version_value": "All versions 3.3 and prior" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46449", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46449/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to 
inject SQL into an executing statement and allow arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46449", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46449/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1098.json b/2018/1xxx/CVE-2018-1098.json index b9fb2cfc0ed..cca2acf8aaf 100644 --- a/2018/1xxx/CVE-2018-1098.json +++ b/2018/1xxx/CVE-2018-1098.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-02-25T00:00:00", - "ID" : "CVE-2018-1098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "etcd", - "version" : { - "version_data" : [ - { - "version_value" : "3.3.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-02-25T00:00:00", + "ID": "CVE-2018-1098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "etcd", + "version": { + "version_data": [ + { + "version_value": "3.3.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1552714", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1552714" - }, - { - "name" : "https://github.com/coreos/etcd/issues/9353", - "refsource" : "CONFIRM", - "url" : "https://github.com/coreos/etcd/issues/9353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552714" + }, + { + "name": "https://github.com/coreos/etcd/issues/9353", + "refsource": "CONFIRM", + "url": "https://github.com/coreos/etcd/issues/9353" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1302.json b/2018/1xxx/CVE-2018-1302.json index 727e71432f3..7efa65e2ce2 100644 --- a/2018/1xxx/CVE-2018-1302.json +++ b/2018/1xxx/CVE-2018-1302.json 
@@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-03-23T00:00:00", - "ID" : "CVE-2018-1302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.4.17 to 2.4.29" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Possible write of after free on HTTP/2 stream shutdown" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-03-23T00:00:00", + "ID": "CVE-2018-1302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.4.17 to 2.4.29" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180323 CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/03/24/5" - }, - { - "name" : "https://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180601-0004/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180601-0004/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" - }, - { - "name" : "RHSA-2019:0366", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0366" - }, - { - "name" : "RHSA-2019:0367", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0367" - }, - { - "name" : "USN-3783-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3783-1/" - }, - { - "name" : "103528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103528" - }, - { - "name" : "1040567", - "refsource" : "SECTRACK", - "url" 
: "http://www.securitytracker.com/id/1040567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Possible write of after free on HTTP/2 stream shutdown" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20180601-0004/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180601-0004/" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" + }, + { + "name": "RHSA-2019:0367", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0367" + }, + { + "name": "[oss-security] 20180323 CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/03/24/5" + }, + { + "name": "103528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103528" + }, + { + "name": "1040567", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040567" + }, + { + "name": "USN-3783-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3783-1/" + }, + { + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": 
"CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "RHSA-2019:0366", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0366" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1413.json b/2018/1xxx/CVE-2018-1413.json index 2ed89b49e41..0dcd6acb0d9 100644 --- a/2018/1xxx/CVE-2018-1413.json +++ b/2018/1xxx/CVE-2018-1413.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-05-04T00:00:00", - "ID" : "CVE-2018-1413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cognos Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "11.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-05-04T00:00:00", + "ID": "CVE-2018-1413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cognos Analytics", + "version": { + "version_data": [ + { + "version_value": "11.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016039", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016039" - }, - { - "name" : "104117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104117" - }, - { - "name" : "1040889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040889" - }, - { - "name" : "ibm-cognos-cve20181413-xss(138819)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/138819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040889" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22016039", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22016039" + }, + { + "name": "ibm-cognos-cve20181413-xss(138819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138819" + }, + { + "name": "104117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104117" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1880.json b/2018/1xxx/CVE-2018-1880.json index c924789269f..c50fc507fc3 100644 --- a/2018/1xxx/CVE-2018-1880.json +++ b/2018/1xxx/CVE-2018-1880.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-1880",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-1880",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5920.json b/2018/5xxx/CVE-2018-5920.json
index ef8001a5988..42bf667a887 100644
--- a/2018/5xxx/CVE-2018-5920.json
+++ b/2018/5xxx/CVE-2018-5920.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5920",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5920",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5947.json b/2018/5xxx/CVE-2018-5947.json
index 0a032f0ec9a..5e062e1b897 100644
--- a/2018/5xxx/CVE-2018-5947.json
+++ b/2018/5xxx/CVE-2018-5947.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5947",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5947",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5966.json b/2018/5xxx/CVE-2018-5966.json
index 47ee2ccbdc3..ce7698efb1e 100644
--- a/2018/5xxx/CVE-2018-5966.json
+++ b/2018/5xxx/CVE-2018-5966.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-5966",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-5966",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file