From 4903175cc296a8e55d68c8b954c6f77cc5995cb6 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:41:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0086.json | 140 ++++---- 2001/0xxx/CVE-2001-0165.json | 140 ++++---- 2001/0xxx/CVE-2001-0549.json | 140 ++++---- 2001/0xxx/CVE-2001-0555.json | 180 +++++----- 2001/0xxx/CVE-2001-0960.json | 150 ++++----- 2008/0xxx/CVE-2008-0062.json | 600 ++++++++++++++++----------------- 2008/1xxx/CVE-2008-1113.json | 180 +++++----- 2008/1xxx/CVE-2008-1721.json | 440 ++++++++++++------------ 2008/5xxx/CVE-2008-5402.json | 210 ++++++------ 2008/5xxx/CVE-2008-5669.json | 160 ++++----- 2008/5xxx/CVE-2008-5989.json | 150 ++++----- 2011/2xxx/CVE-2011-2118.json | 130 +++---- 2013/0xxx/CVE-2013-0364.json | 150 ++++----- 2013/0xxx/CVE-2013-0486.json | 150 ++++----- 2013/0xxx/CVE-2013-0570.json | 130 +++---- 2013/1xxx/CVE-2013-1279.json | 140 ++++---- 2013/1xxx/CVE-2013-1803.json | 260 +++++++------- 2013/3xxx/CVE-2013-3022.json | 34 +- 2013/3xxx/CVE-2013-3482.json | 160 ++++----- 2013/3xxx/CVE-2013-3838.json | 120 +++---- 2013/3xxx/CVE-2013-3845.json | 140 ++++---- 2013/4xxx/CVE-2013-4039.json | 180 +++++----- 2013/4xxx/CVE-2013-4101.json | 34 +- 2013/4xxx/CVE-2013-4560.json | 170 +++++----- 2013/4xxx/CVE-2013-4837.json | 130 +++---- 2013/4xxx/CVE-2013-4953.json | 130 +++---- 2017/12xxx/CVE-2017-12362.json | 140 ++++---- 2017/12xxx/CVE-2017-12730.json | 130 +++---- 2017/12xxx/CVE-2017-12935.json | 150 ++++----- 2017/13xxx/CVE-2017-13267.json | 158 ++++----- 2017/13xxx/CVE-2017-13277.json | 158 ++++----- 2017/13xxx/CVE-2017-13340.json | 34 +- 2017/16xxx/CVE-2017-16047.json | 122 +++---- 2017/16xxx/CVE-2017-16117.json | 132 ++++---- 2017/16xxx/CVE-2017-16498.json | 34 +- 2017/17xxx/CVE-2017-17267.json | 34 +- 2017/17xxx/CVE-2017-17538.json | 120 +++---- 2017/17xxx/CVE-2017-17657.json | 120 +++---- 2018/18xxx/CVE-2018-18543.json | 34 +- 2018/18xxx/CVE-2018-18705.json | 120 +++---- 2018/18xxx/CVE-2018-18944.json | 34 +- 2018/19xxx/CVE-2018-19776.json | 34 +- 
2018/1xxx/CVE-2018-1004.json | 384 ++++++++++----------- 2018/1xxx/CVE-2018-1176.json | 130 +++---- 2018/1xxx/CVE-2018-1263.json | 132 ++++---- 2018/1xxx/CVE-2018-1267.json | 122 +++---- 2018/5xxx/CVE-2018-5082.json | 120 +++---- 2018/5xxx/CVE-2018-5350.json | 34 +- 2018/5xxx/CVE-2018-5635.json | 34 +- 49 files changed, 3529 insertions(+), 3529 deletions(-) diff --git a/2001/0xxx/CVE-2001-0086.json b/2001/0xxx/CVE-2001-0086.json index 3367a1e2cbc..7e9fc53aee6 100644 --- a/2001/0xxx/CVE-2001-0086.json +++ b/2001/0xxx/CVE-2001-0086.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001212 Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0160.html" - }, - { - "name" : "2108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2108" - }, - { - "name" : "subscribemelite-gain-admin-access(5735)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete 
arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "subscribemelite-gain-admin-access(5735)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5735" + }, + { + "name": "20001212 Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0160.html" + }, + { + "name": "2108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2108" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0165.json b/2001/0xxx/CVE-2001-0165.json index 6705478653f..81e15e5141d 100644 --- a/2001/0xxx/CVE-2001-0165.json +++ b/2001/0xxx/CVE-2001-0165.json 
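Review bot: The rewritten file ends with `\ No newline at end of file`, so each record touched by this sync loses its terminating newline; the generator should write a final LF so that later syncs do not show a spurious change on the last line. The `reference_data` entries are also reordered relative to the old side (XF now precedes BUGTRAQ and BID) in the same change that rewrites indentation and `" : "` to `": "` on every line, which makes it impractical to confirm from the diff that no `url` or `name` value was altered. Emitting references in a stable order, for example sorted by `refsource` then `name`, or splitting the reformat from the reorder, would keep these vulnerability records auditable. The same applies to the other file hunks in this patch; the CVE-2001-0555 hunk additionally trims a trailing space from two BUGTRAQ `name` values and puts `refsource` before `name` in those two objects only.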
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long \"arg0\" (process name) argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html" - }, - { - "name" : "solaris-ximp40-bo(6039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6039" - }, - { - "name" : "2322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long \"arg0\" (process name) argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-ximp40-bo(6039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6039" + }, + { + "name": "20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html" + }, + { + "name": "2322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2322" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0549.json b/2001/0xxx/CVE-2001-0549.json index d311e07fd91..88359e32235 100644 --- a/2001/0xxx/CVE-2001-0549.json +++ b/2001/0xxx/CVE-2001-0549.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#814187", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/814187" - }, - { - "name" : "http://www.sarc.com/avcenter/security/Content/2001_07_20.html", - "refsource" : "CONFIRM", - "url" : "http://www.sarc.com/avcenter/security/Content/2001_07_20.html" - }, - { - "name" : "liveupdate-obtain-proxy-password(7013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#814187", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/814187" + }, + { + "name": "liveupdate-obtain-proxy-password(7013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7013" + }, + { + "name": "http://www.sarc.com/avcenter/security/Content/2001_07_20.html", + "refsource": "CONFIRM", + "url": "http://www.sarc.com/avcenter/security/Content/2001_07_20.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0555.json b/2001/0xxx/CVE-2001-0555.json index a7acc7aa87a..54826dcf3db 100644 --- a/2001/0xxx/CVE-2001-0555.json +++ b/2001/0xxx/CVE-2001-0555.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010613 ScreamingMedia SITEWare source code disclosure vulnerability ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html" - }, - { - "name" : "20010613 ScreamingMedia SITEWare arbitrary file retrieval vulnerability ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html" - }, - { - "name" : "http://www01.screamingmedia.com/en/security/sms1001.php", - "refsource" : "CONFIRM", - "url" : "http://www01.screamingmedia.com/en/security/sms1001.php" - }, - { - "name" : "VU#795707", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/795707" - }, - { - "name" : "2869", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/2869" - }, - { - "name" : "13887", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/13887" - }, - { - "name" : "siteware-dot-file-retrieval(6689)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#795707", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/795707" + }, + { + "name": "http://www01.screamingmedia.com/en/security/sms1001.php", + "refsource": "CONFIRM", + "url": "http://www01.screamingmedia.com/en/security/sms1001.php" + }, + { + "name": "siteware-dot-file-retrieval(6689)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6689" + }, + { + "name": "13887", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/13887" + }, + { + "refsource": "BUGTRAQ", + "name": "20010613 ScreamingMedia SITEWare source code disclosure vulnerability", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20010613 ScreamingMedia SITEWare arbitrary file retrieval vulnerability", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html" + }, + { + "name": "2869", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2869" + } + ] + } +} \ No newline at end of file 
diff --git a/2001/0xxx/CVE-2001-0960.json b/2001/0xxx/CVE-2001-0960.json index b98eac11f48..89688fcf0c4 100644 --- a/2001/0xxx/CVE-2001-0960.json +++ b/2001/0xxx/CVE-2001-0960.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010915 ARCserve 6.61 Share Access Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html" - }, - { - "name" : "http://support.ca.com/Download/patches/asitnt/QO00945.html", - "refsource" : "MISC", - "url" : "http://support.ca.com/Download/patches/asitnt/QO00945.html" - }, - { - "name" : "arcserve-aremote-plaintext(7122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7122" - }, - { - "name" : "3343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010915 ARCserve 6.61 Share Access Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html" + }, + { + "name": "arcserve-aremote-plaintext(7122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7122" + }, + { + "name": "http://support.ca.com/Download/patches/asitnt/QO00945.html", + "refsource": "MISC", + "url": "http://support.ca.com/Download/patches/asitnt/QO00945.html" + }, + { + "name": "3343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3343" + } + ] + } +} \ No newline at end of file diff --git a/2008/0xxx/CVE-2008-0062.json b/2008/0xxx/CVE-2008-0062.json index bff8cc9701c..43cbbc55992 100644 --- a/2008/0xxx/CVE-2008-0062.json +++ b/2008/0xxx/CVE-2008-0062.json 
@@ -1,302 +1,302 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-0062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-0062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489761" - }, - { - "name" : "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489883/100/0/threaded" - }, - { - "name" : "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/493080/100/0/threaded" - }, - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=307562", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=307562" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0112", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0112" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" - }, - { - "name" : "APPLE-SA-2008-03-18", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" - }, - { - "name" : "DSA-1524", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1524" - }, - { - "name" : "FEDORA-2008-2637", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html" - }, - { - "name" : "FEDORA-2008-2647", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html" - }, - { - 
"name" : "GLSA-200803-31", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml" - }, - { - "name" : "HPSBOV02682", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497213107107&w=2" - }, - { - "name" : "SSRT100495", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130497213107107&w=2" - }, - { - "name" : "MDVSA-2008:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070" - }, - { - "name" : "MDVSA-2008:071", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071" - }, - { - "name" : "MDVSA-2008:069", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069" - }, - { - "name" : "RHSA-2008:0164", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0164.html" - }, - { - "name" : "RHSA-2008:0180", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0180.html" - }, - { - "name" : "RHSA-2008:0181", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0181.html" - }, - { - "name" : "RHSA-2008:0182", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0182.html" - }, - { - "name" : "SUSE-SA:2008:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html" - }, - { - "name" : "USN-587-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-587-1" - }, - { - "name" : "VU#895609", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/895609" - }, - { - "name" : "28303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28303" - }, - { - "name" : "oval:org.mitre.oval:def:9496", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496" - }, - { - "name" : 
"ADV-2008-0922", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0922/references" - }, - { - "name" : "ADV-2008-0924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0924/references" - }, - { - "name" : "ADV-2008-1102", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1102/references" - }, - { - "name" : "ADV-2008-1744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1744" - }, - { - "name" : "1019626", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019626" - }, - { - "name" : "29428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29428" - }, - { - "name" : "29438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29438" - }, - { - "name" : "29420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29420" - }, - { - "name" : "29435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29435" - }, - { - "name" : "29450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29450" - }, - { - "name" : "29451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29451" - }, - { - "name" : "29457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29457" - }, - { - "name" : "29464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29464" - }, - { - "name" : "29423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29423" - }, - { - "name" : "29462", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29462" - }, - { - "name" : "29516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29516" - }, - { - "name" : "29663", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29663" - }, - { - "name" : "29424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29424" - }, - { - "name" : 
"30535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30535" - }, - { - "name" : "krb5-kdc-code-execution(41275)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1744" + }, + { + "name": "29457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29457" + }, + { + "name": "MDVSA-2008:069", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:069" + }, + { + "name": "29464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29464" + }, + { + "name": "GLSA-200803-31", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml" + }, + { + "name": "FEDORA-2008-2637", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html" + }, + { + "name": "MDVSA-2008:071", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:071" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0112", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0112" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html", 
+ "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html" + }, + { + "name": "SSRT100495", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2" + }, + { + "name": "29451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29451" + }, + { + "name": "29663", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29663" + }, + { + "name": "FEDORA-2008-2647", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112" + }, + { + "name": "29438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29438" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" + }, + { + "name": "oval:org.mitre.oval:def:9496", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9496" + }, + { + "name": "ADV-2008-0924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0924/references" + }, + { + "name": "RHSA-2008:0164", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0164.html" + }, + { + "name": "MDVSA-2008:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:070" + }, + { + "name": "ADV-2008-0922", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0922/references" + }, + { + "name": "29450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29450" + }, + { + "name": "29435", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29435" + }, + { + "name": 
"krb5-kdc-code-execution(41275)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41275" + }, + { + "name": "1019626", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019626" + }, + { + "name": "20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489883/100/0/threaded" + }, + { + "name": "29428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29428" + }, + { + "name": "29420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29420" + }, + { + "name": "DSA-1524", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1524" + }, + { + "name": "30535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30535" + }, + { + "name": "APPLE-SA-2008-03-18", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" + }, + { + "name": "RHSA-2008:0182", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0182.html" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html" + }, + { + "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded" + }, + { + "name": "RHSA-2008:0180", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0180.html" + }, + { + "name": "SUSE-SA:2008:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html" + }, + { + "name": "29516", + "refsource": "SECUNIA", 
+ "url": "http://secunia.com/advisories/29516" + }, + { + "name": "29462", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29462" + }, + { + "name": "29424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29424" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=307562", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=307562" + }, + { + "name": "RHSA-2008:0181", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0181.html" + }, + { + "name": "29423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29423" + }, + { + "name": "USN-587-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-587-1" + }, + { + "name": "ADV-2008-1102", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1102/references" + }, + { + "name": "28303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28303" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt" + }, + { + "name": "20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489761" + }, + { + "name": "HPSBOV02682", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2" + }, + { + "name": "VU#895609", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/895609" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1113.json b/2008/1xxx/CVE-2008-1113.json index ebcd141c4ae..1035071305c 100644 --- a/2008/1xxx/CVE-2008-1113.json +++ b/2008/1xxx/CVE-2008-1113.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080221 Cisco and Vocera wireless LAN VoIP devices don't check certificates", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2008/Feb/0402.html" - }, - { - "name" : "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2008/Feb/0449.html" - }, - { - "name" : "http://blogs.zdnet.com/security/?p=896", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=896" - }, - { - "name" : "http://blogs.zdnet.com/security/?p=901", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=901" - }, - { - "name" : "27935", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/27935" - }, - { - "name" : "1019494", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019494" - }, - { - "name" : "29082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.zdnet.com/security/?p=896", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=896" + }, + { + "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html" + }, + { + "name": "1019494", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019494" + }, + { + "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don't check certificates", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html" + }, + { + "name": "27935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27935" + }, + { + "name": "http://blogs.zdnet.com/security/?p=901", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=901" + }, + { + "name": "29082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29082" + } + ] + } +} \ No newline at end of file diff --git a/2008/1xxx/CVE-2008-1721.json b/2008/1xxx/CVE-2008-1721.json index 8d6799e4c0d..91c44c2b1c5 100644 
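Review bot: The rewritten CVE-2008-1113.json no longer ends with a newline: the new closing `}` is followed by `\ No newline at end of file`, while the removed `}` carried no such marker. The same applies to the other re-serialized files in this part of the patch (CVE-2008-1721, CVE-2008-5402, CVE-2008-5669, CVE-2008-5989 and the later ones), so the serializer should write a final `\n` after the closing brace. Separately, the `reference_data` array appears to hold the same seven entries in a different order. Since nothing visible here depends on that order, emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep later syncs from producing reorder-only diffs that hide real changes.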
--- a/2008/1xxx/CVE-2008-1721.json +++ b/2008/1xxx/CVE-2008-1721.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-1721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-1721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490690/100/0/threaded" - }, - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "http://bugs.python.org/issue2586", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue2586" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149", - "refsource" : "CONFIRM", - "url" : 
"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2444", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2444" - }, - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100074697", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100074697" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "DSA-1551", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1551" - }, - { - "name" : "DSA-1620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1620" - }, - { - "name" : "GLSA-200807-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200807-01.xml" - }, - { - "name" : "MDVSA-2008:085", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:085" - }, - { - "name" : "SSA:2008-217-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289" - }, - { - "name" : "USN-632-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-632-1" - }, - { - "name" : "28715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28715" - }, - { - "name" : "oval:org.mitre.oval:def:8249", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8249" - }, - { - "name" : "oval:org.mitre.oval:def:8494", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8494" - }, - { - "name" : "oval:org.mitre.oval:def:9407", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9407" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "38675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38675" - }, - { - "name" : "ADV-2008-1229", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1229/references" - }, - { - "name" : "1019823", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019823" - }, - { - "name" : "29889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29889" - }, - { - "name" : "29955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29955" - }, - { - "name" : "30872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30872" - }, - { - "name" : "31255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31255" - }, - { - "name" : "31358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31358" - }, - { - "name" : "31365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31365" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - }, - { - "name" : "3802", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3802" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "zlib-pystringfromstringandsize-bo(41748)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41748" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200807-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml" + }, + { + "name": "ADV-2008-1229", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1229/references" + }, + { + "name": "30872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30872" + }, + { + "name": "28715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28715" + }, + { + "name": "38675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38675" + }, + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "MDVSA-2008:085", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:085" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "29955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29955" + }, + { + "name": "DSA-1551", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1551" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "31358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31358" + }, + { + "name": "zlib-pystringfromstringandsize-bo(41748)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41748" + }, + { + "name": "USN-632-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-632-1" + }, + { + "name": "1019823", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019823" + }, + { + "name": "http://bugs.python.org/issue2586", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue2586" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2444", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2444" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "3802", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3802" + }, + { + "name": "31365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31365" + }, + { + "name": "oval:org.mitre.oval:def:8249", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8249" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100074697", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100074697" + }, + { + "name": "31255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31255" + }, + { + "name": "20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490690/100/0/threaded" + }, + { + "name": "DSA-1620", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2008/dsa-1620" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149" + }, + { + "name": "oval:org.mitre.oval:def:9407", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9407" + }, + { + "name": "SSA:2008-217-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "29889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29889" + }, + { + "name": "oval:org.mitre.oval:def:8494", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8494" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5402.json b/2008/5xxx/CVE-2008-5402.json index 08467c92d60..5c7227cd7cd 100644 --- a/2008/5xxx/CVE-2008-5402.json +++ b/2008/5xxx/CVE-2008-5402.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the \"IMG SRC ID.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498933/100/0/threaded" - }, - { - "name" : "http://blog.ceruleanstudios.com/?p=404", - "refsource" : "MISC", - "url" : "http://blog.ceruleanstudios.com/?p=404" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-078", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-078" - }, - { - "name" : "32645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32645" - }, - { - "name" : "ADV-2008-3348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3348" - }, - { - "name" : "50473", - 
"refsource" : "OSVDB", - "url" : "http://osvdb.org/50473" - }, - { - "name" : "1021334", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021334" - }, - { - "name" : "33001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33001" - }, - { - "name" : "4701", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4701" - }, - { - "name" : "trillian-xml-code-execution(47098)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the \"IMG SRC ID.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4701", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4701" + }, + { + "name": "trillian-xml-code-execution(47098)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47098" + }, + { + "name": "1021334", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021334" + }, + { + "name": "50473", + "refsource": "OSVDB", + "url": "http://osvdb.org/50473" + }, + { + "name": "32645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32645" + }, + { + "name": "ADV-2008-3348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3348" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-078", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-078" + }, + { + "name": "20081205 ZDI-08-078: Trillian IMG SRC ID Memory Corruption 
Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498933/100/0/threaded" + }, + { + "name": "33001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33001" + }, + { + "name": "http://blog.ceruleanstudios.com/?p=404", + "refsource": "MISC", + "url": "http://blog.ceruleanstudios.com/?p=404" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5669.json b/2008/5xxx/CVE-2008-5669.json index 6fa41c8d83b..e936fab2837 100644 --- a/2008/5xxx/CVE-2008-5669.json +++ b/2008/5xxx/CVE-2008-5669.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080204 [DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487483/100/200/threaded" - }, - { - "name" : "http://textpattern.com/weblog/310/textpattern-406-released", - "refsource" : "CONFIRM", - "url" : "http://textpattern.com/weblog/310/textpattern-406-released" - }, - { - "name" : "27606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27606" - }, - { - "name" : "28793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28793" - }, - { - "name" : "4786", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28793" + }, + { + "name": "27606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27606" + }, + { + "name": "20080204 [DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487483/100/200/threaded" + }, + { + "name": "4786", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4786" + }, + { + "name": "http://textpattern.com/weblog/310/textpattern-406-released", + "refsource": "CONFIRM", + "url": "http://textpattern.com/weblog/310/textpattern-406-released" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5989.json b/2008/5xxx/CVE-2008-5989.json index fadf4911446..f436f740198 100644 --- a/2008/5xxx/CVE-2008-5989.json +++ b/2008/5xxx/CVE-2008-5989.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6553", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6553" - }, - { - "name" : "31373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31373" - }, - { - "name" : "31993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31993" - }, - { - "name" : "phpcounter-defs-file-include(45378)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when 
magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31373" + }, + { + "name": "6553", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6553" + }, + { + "name": "phpcounter-defs-file-include(45378)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45378" + }, + { + "name": "31993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31993" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2118.json b/2011/2xxx/CVE-2011-2118.json index d8007e13a00..8b21b7f34e6 100644 --- a/2011/2xxx/CVE-2011-2118.json +++ b/2011/2xxx/CVE-2011-2118.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an \"input validation vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an \"input validation vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + 
{ + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0364.json b/2013/0xxx/CVE-2013-0364.json index e72b48d65db..445a9a6fcd0 100644 --- a/2013/0xxx/CVE-2013-0364.json +++ b/2013/0xxx/CVE-2013-0364.json 
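Review bot: The one data change in this hunk, `"ASSIGNER"` going from `cve@mitre.org` to `psirt@adobe.com`, is buried inside a whole-file re-indent, and the commit subject does not mention it. The description and both references read the same on each side, so a reader has to compare roughly 130 lines to find the one field that changed. The CVE-2013-0364 hunk (`secalert_us@oracle.com`) and the CVE-2013-0486 hunk (`psirt@us.ibm.com`) have the same problem. ASSIGNER looks like a provenance field that downstream tooling may key on, so I would land the formatting pass and the reassignment as separate commits, or at least name it in the message, e.g. `Update ASSIGNER for CVE-2011-2118, CVE-2013-0364, CVE-2013-0486`.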
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0363." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-0364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0363." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0486.json b/2013/0xxx/CVE-2013-0486.json index 710bc715ef0..66dcba5b46d 100644 --- a/2013/0xxx/CVE-2013-0486.json +++ b/2013/0xxx/CVE-2013-0486.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21627597", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21627597" - }, - { - "name" : "JVN#51305555", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN51305555/index.html" - }, - { - "name" : "JVNDB-2013-000030", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000030.html" - }, - { - "name" : "domino-get-dos(81812)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the HTTP 
server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "domino-get-dos(81812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81812" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597" + }, + { + "name": "JVN#51305555", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN51305555/index.html" + }, + { + "name": "JVNDB-2013-000030", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000030.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0570.json b/2013/0xxx/CVE-2013-0570.json index 0e87a1045a0..0c1723aeaeb 100644 --- a/2013/0xxx/CVE-2013-0570.json +++ b/2013/0xxx/CVE-2013-0570.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-304.ibm.com/support/docview.wss?uid=isg3T1019715", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/support/docview.wss?uid=isg3T1019715" - }, - { - "name" : "ibm-networking-cve20130570(83166)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-networking-cve20130570(83166)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83166" + }, + { + "name": "https://www-304.ibm.com/support/docview.wss?uid=isg3T1019715", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3T1019715" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1279.json b/2013/1xxx/CVE-2013-1279.json index 01f4a87d12d..ffed257daf8 100644 --- a/2013/1xxx/CVE-2013-1279.json +++ b/2013/1xxx/CVE-2013-1279.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka \"Kernel Race Condition Vulnerability,\" a different vulnerability than CVE-2013-1278." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-017" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16458", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16458" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka \"Kernel Race Condition Vulnerability,\" a different vulnerability than CVE-2013-1278." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-017" + }, + { + "name": "oval:org.mitre.oval:def:16458", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16458" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1803.json b/2013/1xxx/CVE-2013-1803.json index e5c391c5b01..ad8899353e8 100644 --- a/2013/1xxx/CVE-2013-1803.json +++ b/2013/1xxx/CVE-2013-1803.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with \"delete_attach_\" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Feb/154" - }, - { - "name" : "[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/03/2" - }, - { - "name" : "[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/03/1" - }, - { - "name" : "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" - }, - { - "name" : "http://www.waraxe.us/advisory-97.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-97.html" - }, - { - "name" : "http://www.php-fusion.co.uk/news.php?readmore=569", - "refsource" : "CONFIRM", - "url" : "http://www.php-fusion.co.uk/news.php?readmore=569" - }, - { - "name" : "90693", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90693" - }, - { - "name" : "90695", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90695" - }, - { - "name" : "90709", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90709" - }, - { - "name" : "90710", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90710" - }, - { - "name" : "90711", 
- "refsource" : "OSVDB", - "url" : "http://osvdb.org/90711" - }, - { - "name" : "90712", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90712" - }, - { - "name" : "90713", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90713" - }, - { - "name" : "90714", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/90714" - }, - { - "name" : "52403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with \"delete_attach_\" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/advisory-97.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-97.html" + }, + { + "name": "90714", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/90714" + }, + { + "name": "[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/03/2" + }, + { + "name": "90710", + "refsource": "OSVDB", + "url": "http://osvdb.org/90710" + }, + { + "name": "[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/03/1" + }, + { + "name": "90712", + "refsource": "OSVDB", + "url": "http://osvdb.org/90712" + }, + { + "name": "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" + }, + { + "name": "http://www.php-fusion.co.uk/news.php?readmore=569", + "refsource": "CONFIRM", + "url": "http://www.php-fusion.co.uk/news.php?readmore=569" + }, + { + "name": "90709", + "refsource": "OSVDB", + "url": "http://osvdb.org/90709" + }, + { + "name": "90713", + "refsource": "OSVDB", + "url": "http://osvdb.org/90713" + }, + { + "name": "90711", + "refsource": "OSVDB", + "url": "http://osvdb.org/90711" + }, + { + "name": "90693", + "refsource": "OSVDB", + "url": "http://osvdb.org/90693" + }, + { + "name": "90695", + "refsource": "OSVDB", + "url": "http://osvdb.org/90695" + }, + { + "name": "20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Feb/154" + }, + { + "name": "52403", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/52403" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3022.json b/2013/3xxx/CVE-2013-3022.json index 6bdd3d816b2..41925b8b600 100644 --- a/2013/3xxx/CVE-2013-3022.json +++ b/2013/3xxx/CVE-2013-3022.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3022", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-3022", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3482.json b/2013/3xxx/CVE-2013-3482.json index 02087a232f4..ac7ad0b5515 100644 --- a/2013/3xxx/CVE-2013-3482.json +++ b/2013/3xxx/CVE-2013-3482.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-3482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26708", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/26708" - }, - { - "name" : "http://www.secunia.com/blog/366", - "refsource" : "MISC", - "url" : "http://www.secunia.com/blog/366" - }, - { - "name" : "20130523 [Secunia] ERADAS ER Viewer Stack Based Overflow", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2013-May/002682.html" - }, - { - "name" : "93650", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/93650" - }, - { - "name" : "53620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53620" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26708", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/26708" + }, + { + "name": "53620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53620" + }, + { + "name": "93650", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/93650" + }, + { + "name": "20130523 [Secunia] ERADAS ER Viewer Stack Based Overflow", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2013-May/002682.html" + }, + { + "name": "http://www.secunia.com/blog/366", + "refsource": "MISC", + "url": "http://www.secunia.com/blog/366" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3838.json b/2013/3xxx/CVE-2013-3838.json index d1ae4e528ac..344b0fb3a70 100644 --- a/2013/3xxx/CVE-2013-3838.json +++ b/2013/3xxx/CVE-2013-3838.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle SPARC Enterprise T & M Series Servers running Sun System Firmware before 6.7.13 for SPARC T1, 7.4.6.c for SPARC T2, 8.3.0.b for SPARC T3 & T4, 9.0.0.d for SPARC T5 and 9.0.1.e for SPARC M5 allows local users to affect availability via unknown vectors related to Sun System Firmware/Hypervisor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-3838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle SPARC Enterprise T & M Series Servers running Sun System Firmware before 6.7.13 for SPARC T1, 7.4.6.c for SPARC T2, 8.3.0.b for SPARC T3 & T4, 9.0.0.d for SPARC T5 and 9.0.1.e for SPARC M5 
allows local users to affect availability via unknown vectors related to Sun System Firmware/Hypervisor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/3xxx/CVE-2013-3845.json b/2013/3xxx/CVE-2013-3845.json index d2cc34472cd..db973aaa488 100644 --- a/2013/3xxx/CVE-2013-3845.json +++ b/2013/3xxx/CVE-2013-3845.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-3845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-3845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-069", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18719", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of 
service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-069", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" + }, + { + "name": "oval:org.mitre.oval:def:18719", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18719" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4039.json b/2013/4xxx/CVE-2013-4039.json index a485a3727b5..41ae91279f5 100644 --- a/2013/4xxx/CVE-2013-4039.json +++ b/2013/4xxx/CVE-2013-4039.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-4039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21647485", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21647485" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" - }, - { - "name" : "PM84760", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM84760" - }, - { - "name" : "61992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61992" - }, - { - "name" : "96607", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96607" - }, - { - "name" : "54651", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/54651" - }, - { - "name" : "websphere-edcg-cve20134039-infodisc(86175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM84760", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM84760" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21647485", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647485" + }, + { + "name": "61992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61992" + }, + { + "name": "54651", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54651" + }, + { + "name": "websphere-edcg-cve20134039-infodisc(86175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86175" + }, + { + "name": "96607", + "refsource": "OSVDB", + "url": "http://osvdb.org/96607" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4101.json b/2013/4xxx/CVE-2013-4101.json index 1573436673e..0a245e92649 100644 --- a/2013/4xxx/CVE-2013-4101.json +++ b/2013/4xxx/CVE-2013-4101.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4101", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4101", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4560.json b/2013/4xxx/CVE-2013-4560.json index ff9e7529b95..3ac2c07016e 100644 --- a/2013/4xxx/CVE-2013-4560.json +++ b/2013/4xxx/CVE-2013-4560.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-4560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... 
unchecked return value, FAM: read after free)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/11/12/4" - }, - { - "name" : "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt", - "refsource" : "CONFIRM", - "url" : "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt" - }, - { - "name" : "DSA-2795", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2013/dsa-2795" - }, - { - "name" : "HPSBGN03191", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141576815022399&w=2" - }, - { - "name" : "openSUSE-SU-2014:0072", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html" - }, - { - "name" : "55682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55682" + }, + { + "name": "HPSBGN03191", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141576815022399&w=2" + }, + { + "name": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt", + "refsource": "CONFIRM", + "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt" + }, + { + "name": "openSUSE-SU-2014:0072", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html" + }, + { + "name": "DSA-2795", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2013/dsa-2795" + }, + { + "name": "[oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/11/12/4" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4837.json b/2013/4xxx/CVE-2013-4837.json index eca6602c637..bb71e1a7bc9 100644 --- a/2013/4xxx/CVE-2013-4837.json +++ b/2013/4xxx/CVE-2013-4837.json 
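Review bot: In CVE-2013-4560.json the new `affects` block still carries `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"`, although the description on the same side names lighttpd before 1.4.33. Consumers that match on the structured fields rather than the free text will not tie this record to the product; `"product_name": "lighttpd"` with `"version_value": "before 1.4.33"` would carry what the description already states. The same placeholders appear in the hunks for CVE-2013-4837 (HP LoadRunner before 11.52), CVE-2013-4953 (Top Games Script 1.2), CVE-2017-12935 (GraphicsMagick 1.3.26) and CVE-2017-17538 (MikroTik v6.40.5). If this sync is meant to change only formatting and assigner data, that may belong in a follow-up instead.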
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-4837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02935", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437" - }, - { - "name" : "SSRT101191", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101191", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437" + }, + { + "name": "HPSBMU02935", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437" + } + ] + } +} \ No newline at end of file diff --git a/2013/4xxx/CVE-2013-4953.json b/2013/4xxx/CVE-2013-4953.json index b49a6b33350..afe3ec253da 100644 --- a/2013/4xxx/CVE-2013-4953.json +++ b/2013/4xxx/CVE-2013-4953.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-4953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-4953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "26405", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/26405" - }, - { - "name" : "53977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53977" + }, + { + "name": "26405", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/26405" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12362.json b/2017/12xxx/CVE-2017-12362.json index 5df8d0d63a0..10e372646ae 100644 --- a/2017/12xxx/CVE-2017-12362.json +++ b/2017/12xxx/CVE-2017-12362.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Meeting Server", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Meeting Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Meeting Server", + "version": { + "version_data": [ + { + "version_value": "Cisco Meeting Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cms", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cms" - }, - { - "name" : "101987", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101987" - }, - { - "name" : "1039913", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039913", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039913" + }, + { + "name": "101987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101987" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cms", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cms" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12730.json b/2017/12xxx/CVE-2017-12730.json index 8aeb1789312..e3713576d2e 100644 --- a/2017/12xxx/CVE-2017-12730.json +++ b/2017/12xxx/CVE-2017-12730.json 
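Review bot: In CVE-2017-12362.json the new side keeps `"version_value": "Cisco Meeting Server"`, which repeats the product name instead of stating a version, while the description says the issue affects versions prior to 2.2.2. A value such as `"version_value": "prior to 2.2.2"` would let version-based matching work without parsing the description. `vendor_name` also stays `"n/a"` even though the assigner is psirt@cisco.com, which looks like an omission, but the hunk does not show what the source of record holds. The hunk for CVE-2017-12730 has the same pattern: `"version_value": "mySCADA myPRO"` against a description of "Versions 7.0.26 and prior".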
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-12730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mySCADA myPRO", - "version" : { - "version_data" : [ - { - "version_value" : "mySCADA myPRO" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-428" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-12730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mySCADA myPRO", + "version": { + "version_data": [ + { + "version_value": "mySCADA myPRO" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01" - }, - { - "name" : "100815", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. 
Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-428" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100815", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100815" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12935.json b/2017/12xxx/CVE-2017-12935.json index bedeaad7d87..4d8f9c4fe88 100644 --- a/2017/12xxx/CVE-2017-12935.json +++ b/2017/12xxx/CVE-2017-12935.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-12935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-12935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188", - "refsource" : "MISC", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188", + "refsource": "MISC", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13267.json b/2017/13xxx/CVE-2017-13267.json index b30e5669dfe..81fe26a00a1 100644 --- a/2017/13xxx/CVE-2017-13267.json +++ b/2017/13xxx/CVE-2017-13267.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-13267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-13267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13277.json b/2017/13xxx/CVE-2017-13277.json index 99646ef046b..780016e7bb7 100644 --- a/2017/13xxx/CVE-2017-13277.json +++ b/2017/13xxx/CVE-2017-13277.json 
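Review bot: In CVE-2017-13267.json the `problemtype` value on the new side is `"Remote code execution"`, but the description in the same record says the missing bounds check "could lead to remote escalation of privilege". One of the two is presumably wrong, and triage that keys on `problemtype` will classify the issue differently from a reader of the description. If the description is authoritative, the entry would read `"value": "Elevation of privilege"`; the hunk alone does not show which is correct, so this needs checking against the referenced Android bulletin. The neighbouring CVE-2017-13277 hunk is consistent on this point.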
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-13277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-13277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13340.json b/2017/13xxx/CVE-2017-13340.json index 2ca4e6ebabe..eaa48c44c0c 100644 --- a/2017/13xxx/CVE-2017-13340.json +++ b/2017/13xxx/CVE-2017-13340.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-13340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16047.json b/2017/16xxx/CVE-2017-16047.json index 7adf5fe4507..46da01a1577 100644 --- a/2017/16xxx/CVE-2017-16047.json +++ b/2017/16xxx/CVE-2017-16047.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mysqljs node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedded Malicious Code (CWE-506)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "mysqljs node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodesecurity.io/advisories/494", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedded Malicious Code (CWE-506)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/494", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/494" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16117.json b/2017/16xxx/CVE-2017-16117.json index fa9ce3032ab..636eccba69e 100644 --- a/2017/16xxx/CVE-2017-16117.json +++ b/2017/16xxx/CVE-2017-16117.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "slug node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "slug node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dodo/node-slug/issues/82", - "refsource" : "MISC", - "url" : "https://github.com/dodo/node-slug/issues/82" - }, - { - "name" : "https://nodesecurity.io/advisories/537", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "slug is a module to slugify strings, even if they contain unicode. 
slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dodo/node-slug/issues/82", + "refsource": "MISC", + "url": "https://github.com/dodo/node-slug/issues/82" + }, + { + "name": "https://nodesecurity.io/advisories/537", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/537" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16498.json b/2017/16xxx/CVE-2017-16498.json index 4966ef6a93c..209c4a2d638 100644 --- a/2017/16xxx/CVE-2017-16498.json +++ b/2017/16xxx/CVE-2017-16498.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16498", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16498", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17267.json b/2017/17xxx/CVE-2017-17267.json index 159c9e4bc89..220e9bfb2d3 100644 
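Review bot: In CVE-2017-16117.json the description carried onto the new side reads "denial of service is specially crafted untrusted input is passed as input", where the second "is" should be "if". As written, the sentence drops the condition under which the regular expression denial of service occurs. The corrected fragment would be `slug is vulnerable to regular expression denial of service if specially crafted untrusted input is passed as input.` Separately, `"vendor_name": "HackerOne"` appears to name the assigner rather than the maintainer of the slug module, which is worth confirming.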
--- a/2017/17xxx/CVE-2017-17267.json +++ b/2017/17xxx/CVE-2017-17267.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17267", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-17267", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17538.json b/2017/17xxx/CVE-2017-17538.json index f75053b24e7..28bfcc30a55 100644 --- a/2017/17xxx/CVE-2017-17538.json +++ b/2017/17xxx/CVE-2017-17538.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-17538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-17538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43317", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43317/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43317", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43317/" + } + ] + } +} \ No newline at end of file diff --git a/2017/17xxx/CVE-2017-17657.json b/2017/17xxx/CVE-2017-17657.json index 0dbc6bfb3e5..2d481c8b0e4 100644 
--- a/2017/17xxx/CVE-2017-17657.json +++ b/2017/17xxx/CVE-2017-17657.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-17657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Quest NetVault Backup", - "version" : { - "version_data" : [ - { - "version_value" : "11.3.0.12" - } - ] - } - } - ] - }, - "vendor_name" : "Quest" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4294." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-17657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quest NetVault Backup", + "version": { + "version_data": [ + { + "version_value": "11.3.0.12" + } + ] + } + } + ] + }, + "vendor_name": "Quest" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-993", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4294." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-993", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-993" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/18xxx/CVE-2018-18543.json b/2018/18xxx/CVE-2018-18543.json index 26b642a890f..b689a7bb0b9 100644 --- a/2018/18xxx/CVE-2018-18543.json +++ b/2018/18xxx/CVE-2018-18543.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18543", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18543", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18705.json b/2018/18xxx/CVE-2018-18705.json index 0492bd77df2..391c0381805 100644 --- a/2018/18xxx/CVE-2018-18705.json +++ b/2018/18xxx/CVE-2018-18705.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/149942/PHPTPoint-Hospital-Management-System-1-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/149942/PHPTPoint-Hospital-Management-System-1-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/149942/PHPTPoint-Hospital-Management-System-1-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/149942/PHPTPoint-Hospital-Management-System-1-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18944.json b/2018/18xxx/CVE-2018-18944.json index 1519db62583..3a6c2c1ba4e 100644 --- a/2018/18xxx/CVE-2018-18944.json +++ b/2018/18xxx/CVE-2018-18944.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-18944", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-18944", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/19xxx/CVE-2018-19776.json b/2018/19xxx/CVE-2018-19776.json index c63606d00b1..1da9d0feb7d 100644 --- a/2018/19xxx/CVE-2018-19776.json +++ b/2018/19xxx/CVE-2018-19776.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-19776", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-19776", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1004.json b/2018/1xxx/CVE-2018-1004.json index 486d7213855..acf482fc241 100644 --- a/2018/1xxx/CVE-2018-1004.json +++ b/2018/1xxx/CVE-2018-1004.json 
@@ -1,194 +1,194 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-1004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012 R2", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Internet Explorer 9", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2" - }, - { - "version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2" - } - ] - } - }, - { - "product_name" : "Windows RT 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "Windows RT 8.1" - } - ] - } - }, - { - "product_name" : "Windows Server 2012", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit systems" - }, - { - "version_value" : "x64-based systems" - } - ] - } - }, - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows Server 2008 R2", - "version" : { - "version_data" : [ - { - "version_value" : "Itanium-Based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1" - }, - { - "version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "32-bit Systems" - }, - { - "version_value" : "Version 1511 for 32-bit Systems" - }, - { - 
"version_value" : "Version 1511 for x64-based Systems" - }, - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "x64-based Systems" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \"Windows VBScript Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-1004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "32-bit systems" + }, + { + "version_value": "x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows Server 2008 R2", + "version": { + "version_data": [ + { + "version_value": "Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1" + }, + { + "version_value": "x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + 
{ + "version_value": "Version 1511 for 32-bit Systems" + }, + { + "version_value": "Version 1511 for x64-based Systems" + }, + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "x64-based Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1004", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1004" - }, - { - "name" : "103657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103657" - }, - { - "name" : "1040655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \"Windows VBScript Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040655" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1004", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1004" + }, + { + "name": "103657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103657" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1176.json b/2018/1xxx/CVE-2018-1176.json index e7f78528a52..6115853ff20 100644 --- a/2018/1xxx/CVE-2018-1176.json +++ b/2018/1xxx/CVE-2018-1176.json 
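Review bot: The `ASSIGNER` value on the new side of this CVE-2018-1004 hunk changes from `Secure@Microsoft.com` to `secure@microsoft.com`, a content change inside a hunk that otherwise only re-indents the record and reorders `reference_data`. Tooling that groups or filters records by assigner with a case-sensitive comparison would presumably see two different values across revisions, so consumers should compare this field case-insensitively. The commit subject gives no hint of the change; a description line such as `CVE-2018-1004: ASSIGNER lower-cased, references reordered` would let downstream users spot it. The reordering also means the position of an entry in `reference_data` should not be treated as meaningful.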
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-1176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5442." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787-Out-of-bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-1176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-314", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-314" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5442." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787-Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-314", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-314" + } + ] + } +} \ No newline at end of file diff --git a/2018/1xxx/CVE-2018-1263.json b/2018/1xxx/CVE-2018-1263.json index 52fb2630a68..7d85d8d55c1 100644 --- a/2018/1xxx/CVE-2018-1263.json +++ b/2018/1xxx/CVE-2018-1263.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-05-09T00:00:00", - "ID" : "CVE-2018-1263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spring Integration Zip", - "version" : { - "version_data" : [ - { - "version_value" : "versions prior to 1.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-05-09T00:00:00", + "ID": "CVE-2018-1263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Integration Zip", + "version": { + "version_data": [ + { + "version_value": "versions prior to 1.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2018-1263", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2018-1263" - }, - { - "name" : "104179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104179" + }, + { + "name": "https://pivotal.io/security/cve-2018-1263", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2018-1263" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/1xxx/CVE-2018-1267.json b/2018/1xxx/CVE-2018-1267.json index 0fc060282e8..b5d11c534a6 100644 --- a/2018/1xxx/CVE-2018-1267.json +++ b/2018/1xxx/CVE-2018-1267.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "DATE_PUBLIC" : "2018-03-26T00:00:00", - "ID" : "CVE-2018-1267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the network regardless of the configured routing policies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "DATE_PUBLIC": "2018-03-26T00:00:00", + "ID": "CVE-2018-1267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/blog/cve-2018-1267/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/blog/cve-2018-1267/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. 
If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the network regardless of the configured routing policies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/blog/cve-2018-1267/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/blog/cve-2018-1267/" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5082.json b/2018/5xxx/CVE-2018-5082.json index 4deab141d21..36ad95327e1 100644 --- a/2018/5xxx/CVE-2018-5082.json +++ b/2018/5xxx/CVE-2018-5082.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002128", - "refsource" : "MISC", - "url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002128", + "refsource": "MISC", + "url": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002128" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5350.json b/2018/5xxx/CVE-2018-5350.json index fc3c8421fa8..7108824a81b 100644 --- a/2018/5xxx/CVE-2018-5350.json +++ b/2018/5xxx/CVE-2018-5350.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5350", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5350", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5635.json b/2018/5xxx/CVE-2018-5635.json index 13df10e606d..a62596b7863 100644 --- a/2018/5xxx/CVE-2018-5635.json +++ b/2018/5xxx/CVE-2018-5635.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5635", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file